CVE-2020-6280

EUVD-2020-27430
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
sapCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
sapabap_platform
7.31
sapabap_platform
7.40
sapabap_platform
7.50
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2927373
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
https://launchpad.support.sap.com/#/notes/2927373
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675