CVE-2020-6224

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.

Published: Apr 14, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-6224
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.2
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_java	7.20	7.20.x
sap / netweaver_application_server_java	7.30	7.30.x
sap / netweaver_application_server_java	7.31	7.31.x
sap / netweaver_application_server_java	7.40	7.40.x
sap / netweaver_application_server_java	7.50	7.50.x
sap / netweaver_application_server_java	7.10	7.10.x
sap / netweaver_application_server_java	7.11	7.11.x

https://launchpad.support.sap.com/#/notes/2826528
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Vulnerability Database

289,784

CVE-2020-6224