CVE-2020-6215

CVSS 6.1 MEDIUMEPSS 1.5%

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.1EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 abr 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Produtos afetados

SAP SE · SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html http://seclists.org/fulldisclosure/2023/Oct/13 https://launchpad.support.sap.com/#/notes/2872782 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202