CVE-2020-6263
published 2020-06-10CVE-2020-6263: Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap_se | sap_netweaver_as_java | < SAP-JEECOR 7.00 | SAP-JEECOR 7.00 |
| sap_se | sap_netweaver_as_java | < 7.01 SERVERCOR 7.10 | 7.01 SERVERCOR 7.10 |
| sap_se | sap_netweaver_as_java | < 7.11 | 7.11 |
| sap_se | sap_netweaver_as_java | < 7.20 | 7.20 |
| sap_se | sap_netweaver_as_java | < 7.30 | 7.30 |
| sap_se | sap_netweaver_as_java | < 7.31 | 7.31 |
| sap_se | sap_netweaver_as_java | < 7.40 | 7.40 |
| sap_se | sap_netweaver_as_java | < 7.50 CORE-TOOLS 7.00 | 7.50 CORE-TOOLS 7.00 |
| sap_se | sap_netweaver_as_java | < 7.01 | 7.01 |
| sap_se | sap_netweaver_as_java | < 7.02 | 7.02 |
| sap_se | sap_netweaver_as_java | < 7.05 | 7.05 |
| sap_se | sap_netweaver_as_java | < 7.10 | 7.10 |
| sap_se | sap_netweaver_as_java | < 7.50 | 7.50 |