PT-2020-19057 · Sap · Abap Application Server
Published
2020-05-12
·
Updated
2021-07-21
·
CVE-2020-6262
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP Application Server ABAP (ST-PI) versions prior to 2008 1 46C
SAP Application Server ABAP (ST-PI) versions prior to 2008 1 620
SAP Application Server ABAP (ST-PI) versions prior to 2008 1 640
SAP Application Server ABAP (ST-PI) versions prior to 2008 1 700
SAP Application Server ABAP (ST-PI) versions prior to 2008 1 710
SAP Application Server ABAP (ST-PI) versions prior to 740
Description
The issue allows an attacker to inject code that can be executed by the application, potentially controlling the behavior of the application and the whole ABAP system, leading to code injection.
Recommendations
For versions prior to 2008 1 46C, update to version 2008 1 46C or later.
For versions prior to 2008 1 620, update to version 2008 1 620 or later.
For versions prior to 2008 1 640, update to version 2008 1 640 or later.
For versions prior to 2008 1 700, update to version 2008 1 700 or later.
For versions prior to 2008 1 710, update to version 2008 1 710 or later.
For versions prior to 740, update to version 740 or later.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Abap Application Server