CVE-2020-6296

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.6%

top 30.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver (abap Server) AND Abap Platform SAP Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedAug 12

Latest updateMay 24

Description

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5sap_se/sap_netweaver_(abap_server)_and_abap_platform< 700+11

▶NVDsap/abap_platform11 versions+10

▶NVDsap/netweaver_application11 versions+10

🔴Vulnerability Details

GHSA

GHSA-x7q6-8p3j-gwjm: SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject cod↗2022-05-24

▶

CVEList

CVE-2020-6296: SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject cod↗2020-08-12

▶