ID

VAR-202007-1110


CVE

CVE-2020-6285


TITLE

SAP NetWeaver Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007719

DESCRIPTION

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. SAP NetWeaver contains an information leakage vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2020-6285 // JVNDB: JVNDB-2020-007719

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: eq, version: 7.10

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.11

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.20

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.30

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.31

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.40

Trust: 1.8

vendor: sap, model: netweaver, scope: eq, version: 7.50

Trust: 1.8

sources: JVNDB: JVNDB-2020-007719 // NVD: CVE-2020-6285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6285
value: MEDIUM

Trust: 1.0

cna@sap.com: CVE-2020-6285
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007719
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-796
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-6285
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007719
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-6285
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cna@sap.com: CVE-2020-6285
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007719
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007719 // CNNVD: CNNVD-202007-796 // NVD: CVE-2020-6285 // NVD: CVE-2020-6285

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-007719 // NVD: CVE-2020-6285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-796

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202007-796

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007719

PATCH

title: SAP Security Patch Day - July 2020
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

Trust: 0.8

title: SAP NetWeaver-XML Toolkit for JAVA Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124657

Trust: 0.6

sources: JVNDB: JVNDB-2020-007719 // CNNVD: CNNVD-202007-796

EXTERNAL IDS

db: NVD, id: CVE-2020-6285

Trust: 2.4

db: JVNDB, id: JVNDB-2020-007719

Trust: 0.8

db: CNNVD, id: CNNVD-202007-796

Trust: 0.6

sources: JVNDB: JVNDB-2020-007719 // CNNVD: CNNVD-202007-796 // NVD: CVE-2020-6285

REFERENCES

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552599675

Trust: 1.6

url:https://launchpad.support.sap.com/#/notes/2932473

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-6285

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6285

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-july-2020-32835

Trust: 0.6

sources: JVNDB: JVNDB-2020-007719 // CNNVD: CNNVD-202007-796 // NVD: CVE-2020-6285

SOURCES

db: JVNDB, id: JVNDB-2020-007719
db: CNNVD, id: CNNVD-202007-796
db: NVD, id: CVE-2020-6285

LAST UPDATE DATE

2024-11-23T21:35:30.135000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-007719, date: 2020-08-25T00:00:00
db: CNNVD, id: CNNVD-202007-796, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-6285, date: 2024-11-21T05:35:26.257

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-007719, date: 2020-08-25T00:00:00
db: CNNVD, id: CNNVD-202007-796, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2020-6285, date: 2020-07-14T13:15:12.827