Vulnerabilities > CVE-2020-6181 - Unspecified vulnerability in SAP Abap Platform and Netweaver

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2020-02-12

Updated: 2020-02-21

Summary

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Abap Platform 7.50 SAP Abap Platform 7.51 SAP Abap Platform 7.52 SAP Abap Platform 7.53 SAP Abap Platform 7.54 SAP Netweaver 7.02 SAP Netweaver 7.30 SAP Netweaver 7.31 SAP Netweaver 7.40	9

References

https://launchpad.support.sap.com/#/notes/2880744
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812