9.8
CVE-2020-6263
- EPSS 0.22%
- Published 10.06.2020 13:15:18
- Last modified 21.11.2024 05:35:24
- Source cna@sap.com
- Teams watchlist Login
- Open Login
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Java Version7.00
SAP ≫ Netweaver Application Server Java Version7.01
SAP ≫ Netweaver Application Server Java Version7.02
SAP ≫ Netweaver Application Server Java Version7.05
SAP ≫ Netweaver Application Server Java Version7.10
SAP ≫ Netweaver Application Server Java Version7.11
SAP ≫ Netweaver Application Server Java Version7.20
SAP ≫ Netweaver Application Server Java Version7.30
SAP ≫ Netweaver Application Server Java Version7.31
SAP ≫ Netweaver Application Server Java Version7.40
SAP ≫ Netweaver Application Server Java Version7.50
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.422 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| cna@sap.com | 6.9 | 1.7 | 4.7 |
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.