CVE-2020-6215

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 39.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap (business Server Pages Test Application It00)SAP Netweaver AS Abap Business Server Pages

Timeline

PublishedApr 14

Latest updateMay 24

Description

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_abap_(business_server_pages_test_application_it00)< 700+10

▶NVDsap/netweaver_as_abap_business11 versions+10

🔴Vulnerability Details

GHSA

GHSA-pgg5-qq33-fx32: SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker↗2022-05-24

▶

CVEList

CVE-2020-6215: SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker↗2020-04-14

▶