PT-2020-19092 · Sap · Abap Platform+2

Published: 2020-09-09 · Updated: 2022-07-01 · CVE-2020-6318

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver (ABAP Server) versions up to 7.40
ABAP Platform versions greater than 7.40

Description

A Remote Code Execution issue exists, allowing an attacker to exploit the products via Code Injection. This can enable the attacker to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory, which is subsequently executed by the application. It can also cause a general fault in the product, leading to termination.

Recommendations

For SAP NetWeaver (ABAP Server) versions up to 7.40, update to a version above 7.40 to mitigate the risk. For ABAP Platform versions greater than 7.40, consider restricting access to sensitive areas of the application until a patch is available. As a temporary workaround, consider disabling code injection capabilities in the affected products until a patch is available.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2020-6318

Affected Products

Abap Platform
Abap Server
Sap Netweaver