Remote Code Execution Vulnerability in SAP NetWeaver AS Java
CVE-2020-6365

4.7MEDIUM

Key Information:

Vendor
SAP
Vendor
CVE Published:
15 October 2020

Summary

A significant vulnerability exists within the SAP NetWeaver AS Java where insufficient validation of URLs allows an unauthenticated remote attacker to redirect users to malicious websites. This flaw enables attackers to carry out phishing attacks aimed at stealing user credentials or directing victims to pages harboring malware. The risk is elevated as it affects multiple versions of SAP NetWeaver AS Java, creating opportunities for exploitation if not addressed promptly.

Affected Version(s)

SAP NetWeaver Application Server Java < 7.10 < 7.10

SAP NetWeaver Application Server Java < 7.11 < 7.11

SAP NetWeaver Application Server Java < 7.20 < 7.20

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.