Vulnerability Details : CVE-2020-6280
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
Vulnerability category: Information leak
Products affected by CVE-2020-6280
- cpe:2.3:a:sap:abap_platform:7.50:*:*:*:*:*:*:*
- cpe:2.3:a:sap:abap_platform:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:sap:abap_platform:7.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-6280
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-6280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
2.7
|
LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
1.2
|
1.4
|
SAP SE | |
2.7
|
LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
1.2
|
1.4
|
NIST |
References for CVE-2020-6280
-
https://launchpad.support.sap.com/#/notes/2927373
SAP ONE Support Launchpad: Log OnPermissions Required;Vendor Advisory
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
SAP Security Patch Day – July 2020 - Product Security Response at SAP - Community WikiVendor Advisory
Jump to