CVE-2020-6280

CWE-200 — Information Exposure3 documents3 sources

Severity

2.7LOW

EPSS

0.2%

top 53.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver (abap Server) AND Abap Platform SAP Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedJul 14

Latest updateMay 24

Description

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5sap_se/sap_netweaver_(abap_server)_and_abap_platform< 731+2

▶NVDsap/abap_platform7.31, 7.40, 7.50+2

▶NVDsap/netweaver_application731, 740, 750+2

🔴Vulnerability Details

GHSA

GHSA-x67h-jqrj-8587: SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should o↗2022-05-24

▶

CVEList

CVE-2020-6280: SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should o↗2020-07-14

▶