CVE-2020-6320

{"id": "CVE-2020-6320", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2020-09-09T13:15:12.130", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2961991", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application."}, {"lang": "es", "value": "SAP Marketing (Servlet), versi\u00f3n 130,140,150, permite a un atacante autenticado invocar determinadas funciones que est\u00e1n restringidas. Un conocimiento limitado de la carga \u00fatil es requerido para que un atacante explote la vulnerabilidad y lleve a cabo tareas relacionadas con los datos de contacto e interacci\u00f3n que afectan la Confidencialidad y la Integridad de los datos en la aplicaci\u00f3n."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:marketing:130:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55DA5840-6B84-4FF9-9664-71B010ADA326"}, {"criteria": "cpe:2.3:a:sap:marketing:140:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1B91293-3048-40D4-9965-D39DDB7D54A2"}, {"criteria": "cpe:2.3:a:sap:marketing:150:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC26B263-A573-46AF-A30E-DF2947F8DEAA"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}