SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/2941315 | Permissions Required |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Apr 2021, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:netweaver:application_server_java:7.40:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:application_server_java:7.31:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:application_server_java:7.11:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:application_server_java:7.20:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:application_server_java:7.50:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:application_server_java:7.30:*:*:*:*:*:* |
cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:* |
Information
Published : 2020-08-12 14:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-6309
Mitre link : CVE-2020-6309
CVE.ORG link : CVE-2020-6309
JSON object : View
Products Affected
sap
- netweaver_application_server_java
CWE
CWE-306
Missing Authentication for Critical Function