ID

VAR-202008-0959


CVE

CVE-2020-6299


TITLE

SAP NetWeaver and ABAP Platform Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009378

DESCRIPTION

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. SAP NetWeaver (ABAP Server) and ABAP Platform There is an information leakage vulnerability in.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-6299 // JVNDB: JVNDB-2020-009378

AFFECTED PRODUCTS

vendor:sapmodel:abap platformscope:eqversion:740

Trust: 1.8

vendor:sapmodel:abap platformscope:eqversion:750

Trust: 1.8

vendor:sapmodel:abap platformscope:eqversion:751

Trust: 1.8

vendor:sapmodel:abap platformscope:eqversion:753

Trust: 1.8

vendor:sapmodel:abap platformscope:eqversion:754

Trust: 1.8

vendor:sapmodel:abap platformscope:eqversion:755

Trust: 1.8

vendor:sapmodel:netweaver as abapscope:eqversion:751

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:753

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:750

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:754

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:755

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:740

Trust: 1.0

vendor:sapmodel:abap platformscope:eqversion:752

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:740

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:750

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:751

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:752

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:753

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:754

Trust: 0.8

vendor:sapmodel:abap serverscope:eqversion:755

Trust: 0.8

sources: JVNDB: JVNDB-2020-009378 // NVD: CVE-2020-6299

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-6299
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009378
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-406
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-6299
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009378
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-6299
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009378
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-009378 // CNNVD: CNNVD-202008-406 // NVD: CVE-2020-6299

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-009378 // NVD: CVE-2020-6299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-406

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-406

CONFIGURATIONS

sources: NVD: CVE-2020-6299

PATCH

title:SAP Security Patch Day - August 2020url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552603345

Trust: 0.8

title:SAP NetWeaver AS ABAP and ABAP Platform Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126650

Trust: 0.6

sources: JVNDB: JVNDB-2020-009378 // CNNVD: CNNVD-202008-406

EXTERNAL IDS

db:NVDid:CVE-2020-6299

Trust: 2.4

db:JVNDBid:JVNDB-2020-009378

Trust: 0.8

db:CNNVDid:CNNVD-202008-406

Trust: 0.6

sources: JVNDB: JVNDB-2020-009378 // CNNVD: CNNVD-202008-406 // NVD: CVE-2020-6299

REFERENCES

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552603345

Trust: 1.6

url:https://launchpad.support.sap.com/#/notes/2941510

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-6299

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6299

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2020-33047

Trust: 0.6

sources: JVNDB: JVNDB-2020-009378 // CNNVD: CNNVD-202008-406 // NVD: CVE-2020-6299

SOURCES

db:JVNDBid:JVNDB-2020-009378
db:CNNVDid:CNNVD-202008-406
db:NVDid:CVE-2020-6299

LAST UPDATE DATE

2022-05-04T10:03:27.591000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-009378date:2020-11-04T05:27:32
db:CNNVDid:CNNVD-202008-406date:2020-08-17T00:00:00
db:NVDid:CVE-2020-6299date:2021-07-21T11:39:00

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-009378date:2020-11-04T05:27:32
db:CNNVDid:CNNVD-202008-406date:2020-08-11T00:00:00
db:NVDid:CVE-2020-6299date:2020-08-12T14:15:00