Details of VAR-202005-1003

ID

VAR-202005-1003

CVE

CVE-2020-6240

TITLE

SAP NetWeaver AS ABAP Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005330

DESCRIPTION

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service. SAP NetWeaver AS ABAP (Web Dynpro ABAP) There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-6240 // JVNDB: JVNDB-2020-005330 // VULMON: CVE-2020-6240

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver as abap	scope:	eq	version:	700	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	710	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	730	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	731	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	750	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	752	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	753	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	754	Trust: 1.1
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	804	Trust: 1.1
vendor:	sap	model:	netweaver application server abap	scope:	-	version:	-	Trust: 0.8

sources: VULMON: CVE-2020-6240 // JVNDB: JVNDB-2020-005330 // NVD: CVE-2020-6240

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-6240
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005330
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-510
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-6240
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2020-6240
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005330
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

NVD:	CVE-2020-6240
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005330
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-6240 // JVNDB: JVNDB-2020-005330 // CNNVD: CNNVD-202005-510 // NVD: CVE-2020-6240

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2020-005330 // NVD: CVE-2020-6240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-510

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-510

CONFIGURATIONS

sources: NVD: CVE-2020-6240

PATCH

title:	SAP Security Patch Day - May 2020	url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=545396222	Trust: 0.8
title:	SAP NetWeaver AS ABAP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118821	Trust: 0.6

sources: JVNDB: JVNDB-2020-005330 // CNNVD: CNNVD-202005-510

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6240	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-005330	Trust: 0.8
db:	NSFOCUS	id:	47665	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-510	Trust: 0.6
db:	VULMON	id:	CVE-2020-6240	Trust: 0.1

sources: VULMON: CVE-2020-6240 // JVNDB: JVNDB-2020-005330 // CNNVD: CNNVD-202005-510 // NVD: CVE-2020-6240

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/2856923	Trust: 1.7
url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=545396222	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6240	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6240	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47665	Trust: 0.6
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-may-2020-32236	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181812	Trust: 0.1

sources: VULMON: CVE-2020-6240 // JVNDB: JVNDB-2020-005330 // CNNVD: CNNVD-202005-510 // NVD: CVE-2020-6240

SOURCES

db:	VULMON	id:	CVE-2020-6240
db:	JVNDB	id:	JVNDB-2020-005330
db:	CNNVD	id:	CNNVD-202005-510
db:	NVD	id:	CVE-2020-6240

LAST UPDATE DATE

2022-05-04T09:09:06.772000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-6240	date:	2020-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-005330	date:	2020-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202005-510	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-6240	date:	2021-07-21T11:39:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-6240	date:	2020-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-005330	date:	2020-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202005-510	date:	2020-05-12T00:00:00
db:	NVD	id:	CVE-2020-6240	date:	2020-05-12T18:15:00