ID

VAR-202006-1351


CVE

CVE-2020-6275


TITLE

Server-Side Request Forgery Vulnerability in SAP NetWeaver AS ABAP

Trust: 0.8

sources: JVNDB: JVNDB-2020-006602

DESCRIPTION

SAP NetWeaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to a Server-Side Request Forgery (SSRF) attack in which an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is set up, the attacker can compromise the confidentiality, integrity and availability of the SAP database. SAP NetWeaver AS ABAP contains a server-side request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2020-6275 // JVNDB: JVNDB-2020-006602

AFFECTED PRODUCTS

vendor: sap
model: netweaver as abap
scope: eq
version: 731

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 700

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 711

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 730

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 751

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 753

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 752

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 750

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 740

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 702

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 754

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 710

Trust: 1.0

vendor: sap
model: netweaver as abap
scope: eq
version: 701

Trust: 1.0

vendor: sap
model: netweaver application server abap
scope: eq
version: 700

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 701

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 702

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 710

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 711

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 730

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 731

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 740

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 750

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 751

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 752

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 753

Trust: 0.8

vendor: sap
model: netweaver application server abap
scope: eq
version: 754

Trust: 0.8

sources: JVNDB: JVNDB-2020-006602 // NVD: CVE-2020-6275

CVSS

SEVERITY

NVD: CVE-2020-6275
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-006602
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202006-619
value: CRITICAL

Trust: 0.6

CVSSV2

NVD: CVE-2020-6275
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006602
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

NVD: CVE-2020-6275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006602
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-006602 // CNNVD: CNNVD-202006-619 // NVD: CVE-2020-6275

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.8

sources: JVNDB: JVNDB-2020-006602 // NVD: CVE-2020-6275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-619

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-619

CONFIGURATIONS

sources: NVD: CVE-2020-6275

PATCH

title: SAP Security Patch Day - June 2020
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775

Trust: 0.8

title: SAP NetWeaver AS ABAP Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121795

Trust: 0.6

sources: JVNDB: JVNDB-2020-006602 // CNNVD: CNNVD-202006-619

EXTERNAL IDS

db: NVD
id: CVE-2020-6275

Trust: 2.4

db: JVNDB
id: JVNDB-2020-006602

Trust: 0.8

db: NSFOCUS
id: 50350

Trust: 0.6

db: CNNVD
id: CNNVD-202006-619

Trust: 0.6

sources: JVNDB: JVNDB-2020-006602 // CNNVD: CNNVD-202006-619 // NVD: CVE-2020-6275

REFERENCES

url:https://launchpad.support.sap.com/#/notes/2912939

Trust: 1.6

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-6275

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6275

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-june-2020-32470

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50350

Trust: 0.6

sources: JVNDB: JVNDB-2020-006602 // CNNVD: CNNVD-202006-619 // NVD: CVE-2020-6275

SOURCES

db: JVNDB
id: JVNDB-2020-006602

db: CNNVD
id: CNNVD-202006-619

db: NVD
id: CVE-2020-6275

LAST UPDATE DATE

2022-05-04T09:09:02.626000+00:00


SOURCES UPDATE DATE

db: JVNDB
id: JVNDB-2020-006602
date: 2020-07-13T00:00:00

db: CNNVD
id: CNNVD-202006-619
date: 2020-11-10T00:00:00

db: NVD
id: CVE-2020-6275
date: 2020-06-16T14:57:00

SOURCES RELEASE DATE

db: JVNDB
id: JVNDB-2020-006602
date: 2020-07-13T00:00:00

db: CNNVD
id: CNNVD-202006-619
date: 2020-06-09T00:00:00

db: NVD
id: CVE-2020-6275
date: 2020-06-10T13:15:00