CVE-2020-6228 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
sap	CNA	5.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
sap	business_client	6.0
sap	business_client	6.0:patch_level1
sap	business_client	6.0:patch_level10
sap	business_client	6.0:patch_level11
sap	business_client	6.0:patch_level12
sap	business_client	6.0:patch_level13
sap	business_client	6.0:patch_level14
sap	business_client	6.0:patch_level15
sap	business_client	6.0:patch_level16
sap	business_client	6.0:patch_level17
sap	business_client	6.0:patch_level2
sap	business_client	6.0:patch_level3
sap	business_client	6.0:patch_level4
sap	business_client	6.0:patch_level5
sap	business_client	6.0:patch_level6
sap	business_client	6.0:patch_level7
sap	business_client	6.0:patch_level8
sap	business_client	6.0:patch_level9
sap	business_client	6.5
sap	business_client	6.5:patch_level1
sap	business_client	6.5:patch_level10
sap	business_client	6.5:patch_level11
sap	business_client	6.5:patch_level12
sap	business_client	6.5:patch_level13
sap	business_client	6.5:patch_level14
sap	business_client	6.5:patch_level15
sap	business_client	6.5:patch_level16
sap	business_client	6.5:patch_level17
sap	business_client	6.5:patch_level18
sap	business_client	6.5:patch_level19
sap	business_client	6.5:patch_level2
sap	business_client	6.5:patch_level3
sap	business_client	6.5:patch_level4
sap	business_client	6.5:patch_level5
sap	business_client	6.5:patch_level6
sap	business_client	6.5:patch_level7
sap	business_client	6.5:patch_level8
sap	business_client	6.5:patch_level9
sap	business_client	7.0
sap	business_client	7.0:patch_level1
sap	business_client	7.0:patch_level2
sap	business_client	7.0:patch_level3
sap	business_client	7.0:patch_level4
sap	business_client	7.0:patch_level5
sap	business_client	7.0:patch_level6

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-354 - Improper Validation of Integrity Check Value
The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

https://launchpad.support.sap.com/#/notes/2866752

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

https://launchpad.support.sap.com/#/notes/2866752

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202