Vulnerability Details : CVE-2020-6280
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2020-6280
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-6280
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
|
2.7
|
LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
1.2
|
1.4
|
SAP SE |
|
2.7
|
LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
1.2
|
1.4
|
NIST |
References for CVE-2020-6280
-
https://launchpad.support.sap.com/#/notes/2927373
SAP ONE Support Launchpad: Log OnPermissions Required;Vendor Advisory
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
SAP Security Patch Day – July 2020 - Product Security Response at SAP - Community WikiVendor Advisory
Products affected by CVE-2020-6280
- cpe:2.3:a:sap:abap_platform:7.50:*:*:*:*:*:*:*
- cpe:2.3:a:sap:abap_platform:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:sap:abap_platform:7.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*