A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/May/42 | Exploit Mailing List Third Party Advisory |
https://launchpad.support.sap.com/#/notes/2958563 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Jul 2022, 19:24
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/May/42 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html - Exploit, Third Party Advisory, VDB Entry |
19 May 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 May 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-09-09 13:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-6318
Mitre link : CVE-2020-6318
CVE.ORG link : CVE-2020-6318
JSON object : View
Products Affected
sap
- abap_platform
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')