CVE-2020-6318: Code Injection
First published: Wed Sep 09 2020(Updated: )
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP ABAP Platform | =700 | |
| SAP ABAP Platform | =701 | |
| SAP ABAP Platform | =702 | |
| SAP ABAP Platform | =710 | |
| SAP ABAP Platform | =711 | |
| SAP ABAP Platform | =730 | |
| SAP ABAP Platform | =731 | |
| SAP ABAP Platform | =740 | |
| SAP ABAP Platform | =750 | |
| SAP ABAP Platform | =751 | |
| SAP ABAP Platform | =753 | |
| SAP ABAP Platform | =754 | |
| SAP ABAP Platform | =755 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
- http://seclists.org/fulldisclosure/2022/May/42
- https://launchpad.support.sap.com/#/notes/2958563
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
Frequently Asked Questions
What is the vulnerability ID for this SAP NetWeaver vulnerability?
The vulnerability ID for this SAP NetWeaver vulnerability is CVE-2020-6318.
What is the severity level of CVE-2020-6318?
The severity level of CVE-2020-6318 is critical.
Which versions of SAP ABAP Platform are affected by CVE-2020-6318?
SAP ABAP Platform versions 700 to 755 are affected by CVE-2020-6318.
How can an attacker exploit CVE-2020-6318?
An attacker can exploit CVE-2020-6318 via code injection and potentially take complete control of the affected SAP products.
Are there any references or additional information available for CVE-2020-6318?
Yes, you can find more information about CVE-2020-6318 in the following references: http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html, http://seclists.org/fulldisclosure/2022/May/42, and https://launchpad.support.sap.com/#/notes/2958563.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap abap platform
- version/sap abap platform/700
- version/sap abap platform/701
- version/sap abap platform/702
- version/sap abap platform/710
- version/sap abap platform/711
- version/sap abap platform/730
- version/sap abap platform/731
- version/sap abap platform/740
- version/sap abap platform/750
- version/sap abap platform/751
- version/sap abap platform/753
- version/sap abap platform/754
- version/sap abap platform/755