9.1
CVE-2020-6318
- EPSS 6.13%
- Published 09.09.2020 13:15:12
- Last modified 21.11.2024 05:35:29
- Source cna@sap.com
- Teams watchlist Login
- Open Login
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Abap Platform Version700
SAP ≫ Abap Platform Version701
SAP ≫ Abap Platform Version702
SAP ≫ Abap Platform Version710
SAP ≫ Abap Platform Version711
SAP ≫ Abap Platform Version730
SAP ≫ Abap Platform Version731
SAP ≫ Abap Platform Version740
SAP ≫ Abap Platform Version750
SAP ≫ Abap Platform Version751
SAP ≫ Abap Platform Version753
SAP ≫ Abap Platform Version754
SAP ≫ Abap Platform Version755
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.13% | 0.904 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cna@sap.com | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.