CVE-2020-6296: Code Injection
First published: Wed Aug 12 2020(Updated: )
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP ABAP | =7.31 | |
| SAP ABAP | =700 | |
| SAP ABAP | =701 | |
| SAP ABAP | =702 | |
| SAP ABAP | =710 | |
| SAP ABAP | =711 | |
| SAP ABAP | =740 | |
| SAP ABAP | =750 | |
| SAP ABAP | =751 | |
| SAP ABAP | =753 | |
| SAP ABAP | =755 | |
| SAP NetWeaver AS ABAP | =700 | |
| SAP NetWeaver AS ABAP | =701 | |
| SAP NetWeaver AS ABAP | =702 | |
| SAP NetWeaver AS ABAP | =710 | |
| SAP NetWeaver AS ABAP | =711 | |
| SAP NetWeaver AS ABAP | =731 | |
| SAP NetWeaver AS ABAP | =740 | |
| SAP NetWeaver AS ABAP | =750 | |
| SAP NetWeaver AS ABAP | =751 | |
| SAP NetWeaver AS ABAP | =753 | |
| SAP NetWeaver AS ABAP | =755 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6296?
CVE-2020-6296 is a vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755.
What is the severity of CVE-2020-6296?
The severity of CVE-2020-6296 is high with a CVSS score of 8.8.
What is the impact of CVE-2020-6296?
CVE-2020-6296 allows an attacker to inject code that can be executed by the application, leading to Code Injection and potential control of the application's behavior.
Which software versions are affected by CVE-2020-6296?
SAP NetWeaver (ABAP Server) and ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755 are affected by CVE-2020-6296.
How can I fix CVE-2020-6296?
To fix CVE-2020-6296, SAP has provided patches and recommends applying the necessary security updates. Please refer to SAP's security notes and documentation for detailed instructions.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap abap
- version/sap abap/7.31
- version/sap abap/700
- version/sap abap/701
- version/sap abap/702
- version/sap abap/710
- version/sap abap/711
- version/sap abap/740
- version/sap abap/750
- version/sap abap/751
- version/sap abap/753
- version/sap abap/755
- canonical/sap netweaver as abap
- version/sap netweaver as abap/700
- version/sap netweaver as abap/701
- version/sap netweaver as abap/702
- version/sap netweaver as abap/710
- version/sap netweaver as abap/711
- version/sap netweaver as abap/731
- version/sap netweaver as abap/740
- version/sap netweaver as abap/750
- version/sap netweaver as abap/751
- version/sap netweaver as abap/753
- version/sap netweaver as abap/755