CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-6287

Known Exploited (CISA KEV)CRITICAL
10.0
CVSS Severity Score
EPSS Score96.9890%
EPSS Percentile87.69th
Published2020年7月14日
Last Modified2025年10月31日

Vulnerability Description

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

Affected Platforms (CPE)

📦
Sap

Netweaver Application Server Java

= 7.30
📦
Sap

Netweaver Application Server Java

= 7.31
📦
Sap

Netweaver Application Server Java

= 7.40
📦
Sap

Netweaver Application Server Java

= 7.50

References & Advisories

🔗 http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html
🔗 http://seclists.org/fulldisclosure/2021/Apr/6
🔗 https://launchpad.support.sap.com/#/notes/2934135
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
🔗 https://www.onapsis.com/recon-sap-cyber-security-vulnerability
🔗 http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html
🔗 http://seclists.org/fulldisclosure/2021/Apr/6
🔗 https://launchpad.support.sap.com/#/notes/2934135

相關漏洞威脅

CVE-2010-532610.0

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, whic...

CVE-2019-03459.8

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overv...

CVE-2021-375359.8

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform nece...

CVE-2019-03898.8

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5),...