CVE-2020-6275 Information
Feb 14, 2021
cve
Description
SAP Netweaver AS ABAP versions 700 701 702 710 711 730 731 740 750 751 752 753 754 are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore if NTLM is setup the attacker can compromise confidentiality integrity and availability of the SAP database.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://launchpad.support.sap.com//notes/2912939 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: