← Voltar para CVEs
CVE-2020-6287
CRITICALCISA KEV10.0
Descricao
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/14/2020
Ultima modificacao10/31/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorSAP
ProdutoNetWeaver
Nome da vulnerabilidadeSAP NetWeaver Missing Authentication for Critical Function Vulnerability
Data inclusao KEV2021-11-03
Prazo de remediacao2022-05-03
Uso em ransomwareUnknown
Produtos afetados
sap:netweaver_application_server_java
Fraquezas (CWE)
CWE-306CWE-306
Referencias
http://seclists.org/fulldisclosure/2021/Apr/6(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2934135(cna@sap.com)
http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2021/Apr/6(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2934135(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675(af854a3a-2127-422b-91ae-364da2661108)
https://www.onapsis.com/recon-sap-cyber-security-vulnerability(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6287(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.