Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for application_server by sap
CVE-2020-6262 (GCVE-0-2020-6262)
Vulnerability from cvelistv5 – Published: 2020-05-12 17:51 – Updated: 2024-08-04 08:55
VLAI
Summary
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
Severity
9.9 (Critical)
CWE
- Code Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2835979 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Application Server ABAP (ST-PI) |
Affected:
< 2008_1_46C
Affected: < 2008_1_620 Affected: < 2008_1_640 Affected: < 2008_1_700 Affected: < 2008_1_710 Affected: < 740 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2835979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Application Server ABAP (ST-PI)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 2008_1_46C"
},
{
"status": "affected",
"version": "\u003c 2008_1_620"
},
{
"status": "affected",
"version": "\u003c 2008_1_640"
},
{
"status": "affected",
"version": "\u003c 2008_1_700"
},
{
"status": "affected",
"version": "\u003c 2008_1_710"
},
{
"status": "affected",
"version": "\u003c 740"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T17:51:57.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2835979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Application Server ABAP (ST-PI)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "2008_1_46C"
},
{
"version_name": "\u003c",
"version_value": "2008_1_620"
},
{
"version_name": "\u003c",
"version_value": "2008_1_640"
},
{
"version_name": "\u003c",
"version_value": "2008_1_700"
},
{
"version_name": "\u003c",
"version_value": "2008_1_710"
},
{
"version_name": "\u003c",
"version_value": "740"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2835979",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2835979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6262",
"datePublished": "2020-05-12T17:51:57.000Z",
"dateReserved": "2020-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:55:22.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6262 (GCVE-0-2020-6262)
Vulnerability from nvd – Published: 2020-05-12 17:51 – Updated: 2024-08-04 08:55
VLAI
Summary
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
Severity
9.9 (Critical)
CWE
- Code Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2835979 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Application Server ABAP (ST-PI) |
Affected:
< 2008_1_46C
Affected: < 2008_1_620 Affected: < 2008_1_640 Affected: < 2008_1_700 Affected: < 2008_1_710 Affected: < 740 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2835979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Application Server ABAP (ST-PI)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 2008_1_46C"
},
{
"status": "affected",
"version": "\u003c 2008_1_620"
},
{
"status": "affected",
"version": "\u003c 2008_1_640"
},
{
"status": "affected",
"version": "\u003c 2008_1_700"
},
{
"status": "affected",
"version": "\u003c 2008_1_710"
},
{
"status": "affected",
"version": "\u003c 740"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T17:51:57.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2835979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Application Server ABAP (ST-PI)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "2008_1_46C"
},
{
"version_name": "\u003c",
"version_value": "2008_1_620"
},
{
"version_name": "\u003c",
"version_value": "2008_1_640"
},
{
"version_name": "\u003c",
"version_value": "2008_1_700"
},
{
"version_name": "\u003c",
"version_value": "2008_1_710"
},
{
"version_name": "\u003c",
"version_value": "740"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2835979",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2835979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6262",
"datePublished": "2020-05-12T17:51:57.000Z",
"dateReserved": "2020-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:55:22.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}