Vulnerability Name: CVE-2020-6275 (CCN-183312) Assigned: 2020-06-09 Published: 2020-06-09 Updated: 2022-10-05 Summary: SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
6.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H 6.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.2 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:N/A:C Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-918 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-6275 sap-cve20206275-ssrf(183312) SAP Support Note 2912939 https://launchpad.support.sap.com/#/notes/2912939 SAP Security Patch Day June 2020 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 Vulnerable Configuration: Configuration 1 :cpe:/a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:sap:netweaver_as_abap:700:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:730:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:731:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:750:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:752:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:753:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:754:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:710:*:*:*:*:*:*:* BACK
sap netweaver application server abap 702
sap netweaver application server abap 750
sap netweaver application server abap 752
sap netweaver application server abap 753
sap netweaver application server abap 754
sap netweaver application server abap 700
sap netweaver application server abap 710
sap netweaver application server abap 730
sap netweaver application server abap 731
sap netweaver application server abap 701
sap netweaver application server abap 711
sap netweaver application server abap 740
sap netweaver application server abap 751
sap netweaver as abap 700
sap netweaver as abap 730
sap netweaver as abap 731
sap netweaver as abap 750
sap netweaver as abap 752
sap netweaver as abap 753
sap netweaver as abap 754
sap netweaver as abap 710
Denotes that component is vulnerable