9.8
CVE-2020-6263
- EPSS 0.22%
- Veröffentlicht 10.06.2020 13:15:18
- Zuletzt bearbeitet 21.11.2024 05:35:24
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginStandalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Java Version7.00
SAP ≫ Netweaver Application Server Java Version7.01
SAP ≫ Netweaver Application Server Java Version7.02
SAP ≫ Netweaver Application Server Java Version7.05
SAP ≫ Netweaver Application Server Java Version7.10
SAP ≫ Netweaver Application Server Java Version7.11
SAP ≫ Netweaver Application Server Java Version7.20
SAP ≫ Netweaver Application Server Java Version7.30
SAP ≫ Netweaver Application Server Java Version7.31
SAP ≫ Netweaver Application Server Java Version7.40
SAP ≫ Netweaver Application Server Java Version7.50
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.422 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| cna@sap.com | 6.9 | 1.7 | 4.7 |
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.