CVE-2020-6181

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
sapCNA
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
sapabap_platform
7.50
sapabap_platform
7.51
sapabap_platform
7.52
sapabap_platform
7.53
sapabap_platform
7.54
sapnetweaver
7.02
sapnetweaver
7.30
sapnetweaver
7.31
sapnetweaver
7.40
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2880744
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
https://launchpad.support.sap.com/#/notes/2880744
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812