PT-2020-5972 · SAP · SAP NetWeaver AS Java
Published 2020-08-11 · Updated 2021-07-21 · CVE-2020-6309
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS JAVA versions 7.10 through 7.50
Description
The issue is related to weaknesses in the authentication procedure of the ENGINEAPI component in the SAP NetWeaver Java Application Server. This can be exploited by a remote attacker to cause a denial of service. The vulnerability allows an attacker to send multiple payloads to a web service without authentication checks, leading to a complete denial of service.
Recommendations
For SAP NetWeaver AS JAVA versions 7.10 through 7.50, consider restricting access to the ENGINEAPI component until a patch is available. As a temporary workaround, disabling the web service that allows unauthenticated access may help minimize the risk of exploitation.
Fix
Improper Authentication
Missing Authentication
Related Identifiers
Affected Products
SAP NetWeaver AS Java