CVE-2020-6282

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10 through 7.50 SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10 through 7.50

Description The issue allows an attacker to send a crafted request from a vulnerable web application, typically used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.

Recommendations For SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10 through 7.50, consider disabling the IIOP service until a patch is available. For SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10 through 7.50, restrict access to the IIOP service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.