CVE-2020-6320 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Marketing	130

References

https://launchpad.support.sap.com/#/notes/2961991Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700Vendor Advisory
https://launchpad.support.sap.com/#/notes/2961991Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700Vendor Advisory

FAQ

What is CVE-2020-6320?

CVE-2020-6320 is a vulnerability with a CVSS score of 8.1 (HIGH). SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the ...

How severe is CVE-2020-6320?

CVE-2020-6320 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6320?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Marketing.