CVE-2020-6224

medium

Description

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

https://launchpad.support.sap.com/#/notes/2826528

Details

Source: Mitre, NVD

Published: 2020-04-14

Updated: 2021-07-21

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Severity: Medium

Detections

Analytics