CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6313
https://notcve.org/view.php?id=CVE-2020-6313
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. SAP NetWeaver Application Server JAVA(XML Forms) versiones 7.30, 7.31, 7.40, 7.50, no codifican suficientemente las entradas controladas por el usuario, lo que permite a un Usuario autenticado con roles especiales almacenar contenido malicioso, que cuando accesaba una víctima, puede llevar a cabo acciones maliciosas al ejecutar un JavaScript, conllevando a una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2953112 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6309
https://notcve.org/view.php?id=CVE-2020-6309
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. SAP NetWeaver AS JAVA, versiones - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), no lleva a cabo ninguna comprobación de autenticación para un servicio web permitiendo al atacante enviar varias cargas útiles y conllevando a una denegación total del servicio • https://launchpad.support.sap.com/#/notes/2941315 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-6286
https://notcve.org/view.php?id=CVE-2020-6286
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. La comprobación insuficiente de la ruta de entrada de determinados parámetros en el servicio web de SAP NetWeaver AS JAVA (LM Configuration Wizard), versiones 7.30, 7.31, 7.40, 7.50, permite a un atacante no autenticado explotar un método para descargar archivos zip hacia un directorio específico, conllevando a un Salto de Ruta • https://github.com/murataydemir/CVE-2020-6286 https://launchpad.support.sap.com/#/notes/2934135 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6282
https://notcve.org/view.php?id=CVE-2020-6282
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. SAP NetWeaver AS JAVA (servicio IIOP) (SERVERCORE), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, y SAP NetWeaver AS JAVA (servicio IIOP) (CORE-TOOLS), versiones 7.10, 7.11, 7.20, 7.30 , 7.31, 7.40, 7.50, permite a un atacante enviar una petición diseñada desde una aplicación web vulnerable. Normalmente es usada para apuntar a sistemas internos detrás de los firewalls que normalmente son inaccesibles a un atacante desde la red externa, resultando en una vulnerabilidad de tipo Server-Side Request Forgery • https://launchpad.support.sap.com/#/notes/2896025 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 3CVE-2020-6287 – SAP NetWeaver Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. SAP NetWeaver AS JAVA (LM Configuration Wizard), versiones 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobación de autenticación que permite a un atacante sin autenticación previa ejecutar tareas de configuración para llevar a cabo acciones críticas contra el sistema SAP Java, incluyendo la capacidad para crear un usuario administrativo y, por lo tanto, comprometiendo la Confidencialidad, Integridad y la Disponibilidad del sistema, conllevando a una Falta de Comprobación de Autenticación SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users. • https://github.com/duc-nt/CVE-2020-6287-exploit https://github.com/murataydemir/CVE-2020-6287 https://github.com/ynsmroztas/CVE-2020-6287-Sap-Add-User http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html http://seclists.org/fulldisclosure/2021/Apr/6 https://launchpad.support.sap.com/#/notes/2934135 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 https://www.onapsis.com/recon-sap-cyber-security-vulnerability - • CWE-306: Missing Authentication for Critical Function •