ID

VAR-202008-0956


CVE

CVE-2020-6296


TITLE

SAP NetWeaver and ABAP Platform Code injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009376

DESCRIPTION

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allow an attacker to inject code that can be executed by the application, leading to code injection. An attacker could thereby control the behavior of the application. It may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-6296 // JVNDB: JVNDB-2020-009376

AFFECTED PRODUCTS

vendor: sap, model: abap platform, scope: eq, version: 700

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 701

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 702

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 710

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 711

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 740

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 750

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 751

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 753

Trust: 1.8

vendor: sap, model: abap platform, scope: eq, version: 755

Trust: 1.8

vendor: sap, model: netweaver as abap, scope: eq, version: 731

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 700

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 711

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 753

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 750

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 755

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 740

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 710

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 751

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 7.31

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 702

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 701

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 730

Trust: 0.8

vendor: sap, model: abap platform, scope: eq, version: 731

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 700

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 701

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 702

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 710

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 711

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 730

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 731

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 740

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 750

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 751

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 753

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 755

Trust: 0.8

sources: JVNDB: JVNDB-2020-009376 // NVD: CVE-2020-6296

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-6296
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009376
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-415
value: HIGH

Trust: 0.6

NVD: CVE-2020-6296
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009376
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-6296
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009376
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-009376 // CNNVD: CNNVD-202008-415 // NVD: CVE-2020-6296

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-94

Trust: 0.8

sources: JVNDB: JVNDB-2020-009376 // NVD: CVE-2020-6296

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-415

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202008-415

CONFIGURATIONS

sources: NVD: CVE-2020-6296

PATCH

title: SAP Security Patch Day - August 2020
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552603345

Trust: 0.8

title: SAP NetWeaver AS ABAP and ABAP Platform Fixes for code injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126652

Trust: 0.6

sources: JVNDB: JVNDB-2020-009376 // CNNVD: CNNVD-202008-415

EXTERNAL IDS

db: NVD, id: CVE-2020-6296

Trust: 2.4

db: JVNDB, id: JVNDB-2020-009376

Trust: 0.8

db: CNNVD, id: CNNVD-202008-415

Trust: 0.6

sources: JVNDB: JVNDB-2020-009376 // CNNVD: CNNVD-202008-415 // NVD: CVE-2020-6296

REFERENCES

url:https://launchpad.support.sap.com/#/notes/2941667

Trust: 1.6

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552603345

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-6296

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6296

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2020-33047

Trust: 0.6

sources: JVNDB: JVNDB-2020-009376 // CNNVD: CNNVD-202008-415 // NVD: CVE-2020-6296

SOURCES

db: JVNDB, id: JVNDB-2020-009376
db: CNNVD, id: CNNVD-202008-415
db: NVD, id: CVE-2020-6296

LAST UPDATE DATE

2022-05-04T10:15:04.765000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-009376, date: 2020-11-04T05:27:29
db: CNNVD, id: CNNVD-202008-415, date: 2020-08-17T00:00:00
db: NVD, id: CVE-2020-6296, date: 2021-07-21T11:39:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-009376, date: 2020-11-04T05:27:29
db: CNNVD, id: CNNVD-202008-415, date: 2020-08-11T00:00:00
db: NVD, id: CVE-2020-6296, date: 2020-08-12T14:15:00