CVE-2020-6181 — SE SAP Abap Platform vulnerability

3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.3%

top 46.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Abap Platform SAP SE SAP Netweaver SAP Abap Platform +1 more

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDsap/abap_platform5 versions+4

▶CVEListV5sap_se/sap_abap_platform5 versions+4

▶NVDsap/netweaver4 versions+3

▶CVEListV5sap_se/sap_netweaver4 versions+3

🔴Vulnerability Details

GHSA

GHSA-h7pq-vvp4-rh72: Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS vers↗2022-05-24

▶

CVEList

CVE-2020-6181: Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS vers↗2020-02-12

▶