PT-2020-19068 · SAP · SAP NetWeaver AS ABAP

Published: 2020-06-10 · Updated: 2022-10-05 · CVE-2020-6275

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 700 through 754

Description: The issue allows an attacker to perform a Server-Side Request Forgery (SSRF) attack by supplying inappropriate path names that contain malicious server names to the import/export of sessions functionality. This can coerce the web server into authenticating against the attacker-controlled server. If NTLM is set up, the attacker can compromise the confidentiality, integrity, and availability of the SAP database.

Recommendations: For SAP NetWeaver AS ABAP versions 700 through 754, consider restricting the import/export of sessions functionality to prevent the use of malicious server names until a patch is available. As a temporary workaround, review and secure the NTLM setup to minimize the risk of exploitation.

Fix
SSRF

Weakness Enumeration

Related Identifiers: CVE-2020-6275

Affected Products: SAP NetWeaver AS ABAP