Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2020-6287 | First vendor Publication | 2020-07-14 |
Vendor | Cve | Last vendor Modification | 2022-04-28 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 10 | ||
Base Score | 10 | Environmental Score | 10 |
impact SubScore | 6 | Temporal Score | 10 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Changed | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-306 | Missing Authentication for Critical Function (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-09-02 | SAP NetWeaver AS LM Configuration Wizard access detected RuleID : 54574 - Revision : 1 - Type : POLICY-OTHER |
2020-09-02 | SAP NetWeaver AS LM Configuration Wizard access detected RuleID : 54573 - Revision : 1 - Type : POLICY-OTHER |
2020-09-02 | SAP NetWeaver AS LM Configuration Wizard directory traversal attempt RuleID : 54572 - Revision : 1 - Type : SERVER-WEBAPP |
2020-09-02 | SAP NetWeaver AS LM Configuration Wizard directory traversal attempt RuleID : 54571 - Revision : 1 - Type : SERVER-WEBAPP |
Metasploit Database
id | Description |
---|---|
2020-07-14 | SAP Unauthenticated WebService User Creation |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-04-29 02:04:49 |
|
2021-08-05 01:40:03 |
|
2021-07-21 17:23:38 |
|
2021-05-04 14:05:07 |
|
2021-04-22 03:10:24 |
|
2021-04-06 21:23:14 |
|
2021-04-06 00:22:49 |
|
2020-09-02 21:23:05 |
|
2020-07-23 21:22:49 |
|
2020-07-16 21:23:14 |
|
2020-07-14 21:23:11 |
|
2020-07-14 17:22:52 |
|