9.1
CVE-2020-6318
- EPSS 6.13%
- Published 09.09.2020 13:15:12
- Last modified 21.11.2024 05:35:29
- Source cna@sap.com
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Because of this, an attacker can exploit these products via Code Injection, potentially taking complete control of the products, including viewing, changing, or deleting data, by injecting code into the working memory, which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.
Data provided by the National Vulnerability Database (NVD)
SAP ≫ Abap Platform Version 700
SAP ≫ Abap Platform Version 701
SAP ≫ Abap Platform Version 702
SAP ≫ Abap Platform Version 710
SAP ≫ Abap Platform Version 711
SAP ≫ Abap Platform Version 730
SAP ≫ Abap Platform Version 731
SAP ≫ Abap Platform Version 740
SAP ≫ Abap Platform Version 750
SAP ≫ Abap Platform Version 751
SAP ≫ Abap Platform Version 753
SAP ≫ Abap Platform Version 754
SAP ≫ Abap Platform Version 755
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 6.13% | 0.904 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
cna@sap.com | 9.1 | 2.3 | 6 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.