CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6318

HIGH
7.2
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile30.46th
PublishedSep 9, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.

Affected Platforms (CPE)

πŸ“¦
Sap

Abap Platform

= 700
πŸ“¦
Sap

Abap Platform

= 701
πŸ“¦
Sap

Abap Platform

= 702
πŸ“¦
Sap

Abap Platform

= 710
πŸ“¦
Sap

Abap Platform

= 711
πŸ“¦
Sap

Abap Platform

= 730
πŸ“¦
Sap

Abap Platform

= 731
πŸ“¦
Sap

Abap Platform

= 740
πŸ“¦
Sap

Abap Platform

= 750
πŸ“¦
Sap

Abap Platform

= 751
πŸ“¦
Sap

Abap Platform

= 753
πŸ“¦
Sap

Abap Platform

= 754
πŸ“¦
Sap

Abap Platform

= 755

References & Advisories

πŸ”— http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
πŸ”— http://seclists.org/fulldisclosure/2022/May/42
πŸ”— https://launchpad.support.sap.com/#/notes/2958563
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
πŸ”— http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
πŸ”— http://seclists.org/fulldisclosure/2022/May/42
πŸ”— https://launchpad.support.sap.com/#/notes/2958563
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Related Vulnerabilities

CVE-2019-03049.8

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7....

CVE-2021-276109.8

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not creat...

CVE-2019-02578.8

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7....

CVE-2019-02708.8

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting...