PT-2020-19058 · Sap · Sap Netweaver As Java

Published

2020-06-10

Updated

2021-07-21

CVE-2020-6263

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS Java versions 7.00 through 7.50

Description The issue affects standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol. These clients do not perform authentication checks for operations that require user identity, leading to an authentication bypass.

Recommendations For SAP NetWeaver AS Java versions 7.00 through 7.50, consider implementing additional authentication checks for operations that require user identity to prevent unauthorized access. As a temporary workaround, restrict access to sensitive operations until a proper fix is applied.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-6263

Affected Products

Sap Netweaver As Java

PT-2020-19058 · Sap · Sap Netweaver As Java

CVE-2020-6263

Weakness Enumeration

Related Identifiers

Affected Products

References · 5