CVE-2020-6228

EPSS 0.13%
Veröffentlicht 14.04.2020 19:15:17
Zuletzt bearbeitet 27.05.2025 16:51:05
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Business Client Version6.0 Update-

SAP ≫ Business Client Version6.0 Updatepatch_level1

SAP ≫ Business Client Version6.0 Updatepatch_level10

SAP ≫ Business Client Version6.0 Updatepatch_level11

SAP ≫ Business Client Version6.0 Updatepatch_level12

SAP ≫ Business Client Version6.0 Updatepatch_level13

SAP ≫ Business Client Version6.0 Updatepatch_level14

SAP ≫ Business Client Version6.0 Updatepatch_level15

SAP ≫ Business Client Version6.0 Updatepatch_level16

SAP ≫ Business Client Version6.0 Updatepatch_level17

SAP ≫ Business Client Version6.0 Updatepatch_level2

SAP ≫ Business Client Version6.0 Updatepatch_level3

SAP ≫ Business Client Version6.0 Updatepatch_level4

SAP ≫ Business Client Version6.0 Updatepatch_level5

SAP ≫ Business Client Version6.0 Updatepatch_level6

SAP ≫ Business Client Version6.0 Updatepatch_level7

SAP ≫ Business Client Version6.0 Updatepatch_level8

SAP ≫ Business Client Version6.0 Updatepatch_level9

SAP ≫ Business Client Version6.5 Update-

SAP ≫ Business Client Version6.5 Updatepatch_level1

SAP ≫ Business Client Version6.5 Updatepatch_level10

SAP ≫ Business Client Version6.5 Updatepatch_level11

SAP ≫ Business Client Version6.5 Updatepatch_level12

SAP ≫ Business Client Version6.5 Updatepatch_level13

SAP ≫ Business Client Version6.5 Updatepatch_level14

SAP ≫ Business Client Version6.5 Updatepatch_level15

SAP ≫ Business Client Version6.5 Updatepatch_level16

SAP ≫ Business Client Version6.5 Updatepatch_level17

SAP ≫ Business Client Version6.5 Updatepatch_level18

SAP ≫ Business Client Version6.5 Updatepatch_level19

SAP ≫ Business Client Version6.5 Updatepatch_level2

SAP ≫ Business Client Version6.5 Updatepatch_level3

SAP ≫ Business Client Version6.5 Updatepatch_level4

SAP ≫ Business Client Version6.5 Updatepatch_level5

SAP ≫ Business Client Version6.5 Updatepatch_level6

SAP ≫ Business Client Version6.5 Updatepatch_level7

SAP ≫ Business Client Version6.5 Updatepatch_level8

SAP ≫ Business Client Version6.5 Updatepatch_level9

SAP ≫ Business Client Version7.0 Update-

SAP ≫ Business Client Version7.0 Updatepatch_level1

SAP ≫ Business Client Version7.0 Updatepatch_level2

SAP ≫ Business Client Version7.0 Updatepatch_level3

SAP ≫ Business Client Version7.0 Updatepatch_level4

SAP ≫ Business Client Version7.0 Updatepatch_level5

SAP ≫ Business Client Version7.0 Updatepatch_level6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.335

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
cna@sap.com	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2866752

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-6228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6228

EUVD