Vulnerabilites related to SAP SE - SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)
CVE-2020-6215 (GCVE-0-2020-6215)
Vulnerability from cvelistv5
Published
2020-04-14 00:00
Modified
2024-08-04 08:55
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • URL Redirection
Summary
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
References
Impacted products
Vendor Product Version
SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) Version: < 700
Version: < 701
Version: < 702
Version: < 730
Version: < 731
Version: < 740
Version: < 750
Version: < 751
Version: < 752
Version: < 753
Version: < 754
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2872782"
          },
          {
            "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 700"
            },
            {
              "status": "affected",
              "version": "\u003c 701"
            },
            {
              "status": "affected",
              "version": "\u003c 702"
            },
            {
              "status": "affected",
              "version": "\u003c 730"
            },
            {
              "status": "affected",
              "version": "\u003c 731"
            },
            {
              "status": "affected",
              "version": "\u003c 740"
            },
            {
              "status": "affected",
              "version": "\u003c 750"
            },
            {
              "status": "affected",
              "version": "\u003c 751"
            },
            {
              "status": "affected",
              "version": "\u003c 752"
            },
            {
              "status": "affected",
              "version": "\u003c 753"
            },
            {
              "status": "affected",
              "version": "\u003c 754"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "URL Redirection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-06T16:06:17.300393",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
        },
        {
          "url": "https://launchpad.support.sap.com/#/notes/2872782"
        },
        {
          "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
        },
        {
          "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-6215",
    "datePublished": "2020-04-14T00:00:00",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}