CVE-2020-6239

CWE-522Insufficiently Protected CredentialsCWE-200Information Exposure3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 90.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ONE (backup Service)SAP Business ONE
Timeline
PublishedJun 10
Latest updateMay 24

Description

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDsap/business_one10.0, 9.3+1

🔴Vulnerability Details

2
GHSA
GHSA-rcpp-h3p8-h5v5: Under certain conditions SAP Business One (Backup service), versions 92022-05-24
CVEList
CVE-2020-6239: Under certain conditions SAP Business One (Backup service), versions 92020-06-10
CVE-2020-6239 (MEDIUM CVSS 4.4) | Under certain conditions SAP Busine | cvebase.io