CVE-2020-6299

EUVD-2020-27449
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
sapCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
References
https://launchpad.support.sap.com/#/notes/2941510
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
https://launchpad.support.sap.com/#/notes/2941510
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345