Vulnerability Description
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Abap Platform | 700 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2958563Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700Vendor Advisory
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2958563Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700Vendor Advisory
FAQ
What is CVE-2020-6318?
CVE-2020-6318 is a vulnerability with a CVSS score of 7.2 (HIGH). A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code ...
How severe is CVE-2020-6318?
CVE-2020-6318 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6318?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Abap Platform.