CVE-2020-6287 Information

Description

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40 and 7.50, does not perform an authentication check. This allows an attacker without prior authentication to execute configuration tasks that perform critical actions against the SAP Java system, including creating an administrative user, and therefore to compromise the Confidentiality, Integrity and Availability of the system (Missing Authentication Check).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

https://launchpad.support.sap.com//notes/2934135
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
https://www.onapsis.com/recon-sap-cyber-security-vulnerability

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

10.0

Base Severity

CRITICAL
