CVE-2020-6299

Name of the Vulnerable Software and Affected Versions SAP NetWeaver (ABAP Server) and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755

Description The issue allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. It is related to the lack of protection of service data in the SAP NetWeaver platform. Exploitation of the issue may allow a remote attacker to obtain access to the list of users in the system with the help of value help.

Recommendations For versions 740, 750, 751, 752, 753, 754, 755, consider restricting access to the value help feature to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.