CVE-2020-6287
In short
SAP NetWeaver AS JAVA's Configuration Wizard fails to verify user identity, letting anyone access it without logging in. An attacker can use this to create admin accounts and take complete control of the system.
Technical detail
The LM Configuration Wizard in SAP NetWeaver AS JAVA (versions 7.30–7.50) lacks authentication validation on configuration endpoints, allowing unauthenticated remote attackers to execute privileged operations such as administrative user creation. This results in complete compromise of system confidentiality, integrity, and availability through direct access to sensitive configuration functions.
Summary generated and translated by AI from the official description.
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
SAP SE · SAP NetWeaver AS JAVA (LM Configuration Wizard)
Public PoCs found — 8
github: github.com/chipik/SAP_RECON (★ 225)
github: github.com/duc-nt/CVE-2020-6287-exploit (★ 96)
github: github.com/Onapsis/CVE-2020-6287_RECON-scanner (★ 28)
github: github.com/murataydemir/CVE-2020-6287 (★ 13)
github: github.com/ynsmroztas/CVE-2020-6287-Sap-Add-User (★ 2)
github: github.com/dylvie/CVE-2020-6287_SAP-NetWeaver-bypass-auth (★ 1)
github: github.com/qmakake/SAP_CVE-2020-6287_find_mandate (★ 0)
cve_reference: packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html
http://seclists.org/fulldisclosure/2021/Apr/6
https://launchpad.support.sap.com/#/notes/2934135
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6287
https://www.onapsis.com/recon-sap-cyber-security-vulnerability