CVE-2020-6285Sensitive Information Exposure in SE SAP Netweaver XML Toolkit FOR Java

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 50.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver XML Toolkit FOR JavaSAP Netweaver
Timeline
PublishedJul 14
Latest updateMay 24

Description

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsap/netweaver7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-h23m-44mr-9m6c: SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 72022-05-24
CVEList
CVE-2020-6285: SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 72020-07-14
CVE-2020-6285 — Sensitive Information Exposure | cvebase