CVE-2020-6263
First published: Wed Jun 10 2020(Updated: )
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java | =7.00 | |
| SAP NetWeaver Application Server Java | =7.01 | |
| SAP NetWeaver Application Server Java | =7.02 | |
| SAP NetWeaver Application Server Java | =7.05 | |
| SAP NetWeaver Application Server Java | =7.10 | |
| SAP NetWeaver Application Server Java | =7.11 | |
| SAP NetWeaver Application Server Java | =7.20 | |
| SAP NetWeaver Application Server Java | =7.30 | |
| SAP NetWeaver Application Server Java | =7.31 | |
| SAP NetWeaver Application Server Java | =7.40 | |
| SAP NetWeaver Application Server Java | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6263?
The severity of CVE-2020-6263 is critical.
Which SAP products are affected by CVE-2020-6263?
SAP NetWeaver Application Server Java versions 7.00 to 7.50 are affected by CVE-2020-6263.
What is the vulnerability description for CVE-2020-6263?
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol do not perform any authentication checks for certain operations.
How can I fix CVE-2020-6263?
Apply the latest patches and updates provided by SAP to address CVE-2020-6263.
Are there any references for CVE-2020-6263?
Yes, you can find more information about CVE-2020-6263 in the following references: [SAP Note 2878568](https://launchpad.support.sap.com/#/notes/2878568) and [SAP Wiki](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- vendor/sap
- canonical/sap netweaver application server java
- version/sap netweaver application server java/7.00
- version/sap netweaver application server java/7.01
- version/sap netweaver application server java/7.02
- version/sap netweaver application server java/7.05
- version/sap netweaver application server java/7.10
- version/sap netweaver application server java/7.11
- version/sap netweaver application server java/7.20
- version/sap netweaver application server java/7.30
- version/sap netweaver application server java/7.31
- version/sap netweaver application server java/7.40
- version/sap netweaver application server java/7.50