CVE-2020-6280

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
sapCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
sapabap_platform
7.31
sapabap_platform
7.40
sapabap_platform
7.50
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2927373
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
https://launchpad.support.sap.com/#/notes/2927373
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675