CVE-2020-6280

EPSS 0.23%
Published 14.07.2020 13:15:12
Last modified 21.11.2024 05:35:25
Source cna@sap.com
Teams watchlist Login
Open Login

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

Affected products Warnungen 0 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Abap Platform Version7.31

SAP ≫ Abap Platform Version7.40

SAP ≫ Abap Platform Version7.50

SAP ≫ Netweaver Application Server Abap Version731

SAP ≫ Netweaver Application Server Abap Version740

SAP ≫ Netweaver Application Server Abap Version750

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.46

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cna@sap.com	2.7	1.2	1.4	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2927373

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-6280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6280

EUVD