CVE-2020-6190

CWE-200 — Information Exposure3 documents3 sources

Severity

5.8MEDIUM

EPSS

0.3%

top 50.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Java (heap Dump Application)SAP Netweaver Application Server Java

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_java_(heap_dump_application)4 versions+3

▶NVDsap/netweaver_application4 versions+3

🔴Vulnerability Details

GHSA

GHSA-p5jp-pq7c-j82g: Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7↗2022-05-24

▶

CVEList

CVE-2020-6190: Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7↗2020-02-12

▶