CVE-2020-6224Log File Information Exposure in SE SAP Netweaver AS Java

CWE-532Log File Information ExposureCWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.2MEDIUMNVD
EPSS
0.3%
top 50.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS JavaSAP Netweaver Application Server Java
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:NExploitability: 1.7 | Impact: 4.0

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_as_java< 7.10+6
NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-f9xm-gx32-3xcw: SAP NetWeaver AS Java (HTTP Service), versions 72022-05-24
CVEList
CVE-2020-6224: SAP NetWeaver AS Java (HTTP Service), versions 72020-04-14
CVE-2020-6224 — Log File Information Exposure | cvebase