CVE-2020-6318

CWE-94Code Injection4 documents4 sources
Severity
7.2HIGH
EPSS
6.1%
top 9.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver (abap Server) AND Abap PlatformSAP Abap Platform
Timeline
PublishedSep 9
Latest updateMay 24

Description

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDsap/abap_platform13 versions+12

🔴Vulnerability Details

3
GHSA
GHSA-rppr-4h7c-mc9c: A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 72022-05-24
CVEList
CVE-2020-6318: A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 72020-09-09
OSV
sane-backends vulnerabilities2020-08-24
CVE-2020-6318 (HIGH CVSS 7.2) | A Remote Code Execution vulnerabili | cvebase.io