PT-2020-5169 · Sap · Abap Platform+2

Published: 2020-08-12 · Updated: 2022-10-05 · CVE-2020-6310

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver (ABAP Server) and ABAP Platform versions 702, 730, 731, 740, 750

Description

The issue is related to improper access control in the SOA Configuration Trace component, allowing any authenticated user to enumerate all SAP users. This leads to information disclosure. The vulnerability is also described as a lack of protection for service data, which can be exploited by a remote attacker to disclose protected information.

Recommendations

For versions 702, 730, 731, 740, 750, consider restricting access to the SOA Configuration Trace component to minimize the risk of exploitation. As a temporary workaround, consider disabling the enumeration of SAP users until a patch is available. Restrict access to service data to prevent remote attackers from disclosing protected information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-05780
CVE-2020-6310

Affected Products

Abap Platform
Abap Server
Sap Netweaver