ID

VAR-202008-0963


CVE

CVE-2020-6310


TITLE

Information leakage vulnerability in SAP NetWeaver and ABAP Platform

Trust: 0.8

sources: JVNDB: JVNDB-2020-009373

DESCRIPTION

Improper access control in the SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. There is an information leakage vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2020-6310 // JVNDB: JVNDB-2020-009373

AFFECTED PRODUCTS

vendor: sap, model: abap platform, scope: eq, version: 711

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 731

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 700

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 711

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 753

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 755

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 750

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 710

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 755

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 740

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 710

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 7.50

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 7.40

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 751

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 751

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 702

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 7.31

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 701

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 702

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 700

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 753

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 701

Trust: 1.0

vendor: sap, model: abap platform, scope: eq, version: 730

Trust: 0.8

vendor: sap, model: abap platform, scope: eq, version: 731

Trust: 0.8

vendor: sap, model: abap platform, scope: eq, version: 740

Trust: 0.8

vendor: sap, model: abap platform, scope: eq, version: 750

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 730

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 731

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 740

Trust: 0.8

vendor: sap, model: abap server, scope: eq, version: 750

Trust: 0.8

sources: JVNDB: JVNDB-2020-009373 // NVD: CVE-2020-6310

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-6310
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009373
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-404
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-6310
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009373
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-6310
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009373
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-009373 // CNNVD: CNNVD-202008-404 // NVD: CVE-2020-6310

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-009373 // NVD: CVE-2020-6310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-404

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-404

CONFIGURATIONS

sources: NVD: CVE-2020-6310

PATCH

title: SAP Security Patch Day - August 2020, url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552603345

Trust: 0.8

title: SAP NetWeaver AS ABAP and ABAP Platform Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126649

Trust: 0.6

sources: JVNDB: JVNDB-2020-009373 // CNNVD: CNNVD-202008-404

EXTERNAL IDS

db: NVD, id: CVE-2020-6310

Trust: 2.4

db: JVNDB, id: JVNDB-2020-009373

Trust: 0.8

db: CNNVD, id: CNNVD-202008-404

Trust: 0.6

sources: JVNDB: JVNDB-2020-009373 // CNNVD: CNNVD-202008-404 // NVD: CVE-2020-6310

REFERENCES

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552603345

Trust: 1.6

url:https://launchpad.support.sap.com/#/notes/2944988

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-6310

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6310

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2020-33047

Trust: 0.6

sources: JVNDB: JVNDB-2020-009373 // CNNVD: CNNVD-202008-404 // NVD: CVE-2020-6310

SOURCES

db: JVNDB, id: JVNDB-2020-009373
db: CNNVD, id: CNNVD-202008-404
db: NVD, id: CVE-2020-6310

LAST UPDATE DATE

2022-05-04T09:21:42.747000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-009373, date: 2020-11-04T05:25:28
db: CNNVD, id: CNNVD-202008-404, date: 2020-08-17T00:00:00
db: NVD, id: CVE-2020-6310, date: 2021-07-21T11:39:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-009373, date: 2020-11-04T05:25:28
db: CNNVD, id: CNNVD-202008-404, date: 2020-08-11T00:00:00
db: NVD, id: CVE-2020-6310, date: 2020-08-12T14:15:00