Home

CVE-2020-6275

Description

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.46

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 731Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 740Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAPWindows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 751Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 752Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 753Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 754Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 700Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 710Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 730Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 711Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAPWindows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 702Windows
Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 710Windows
Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 711Windows
Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 730Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234