CVE-2020-6181

Severity

57%

Complexity

39%

Confidentiality

23%

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

CVSS 3.1 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

SAP

First reported 5 years ago

2020-02-12 20:15:00

Last updated 5 years ago

2020-02-21 13:55:00

Affected Software

SAP ABAP Platform 7.50

7.50

SAP ABAP Platform 7.51

7.51

SAP ABAP Platform 7.52

7.52

SAP ABAP Platform 7.53

7.53

SAP ABAP Platform 7.54

7.54

SAP Netweaver 7.02

7.02

SAP NetWeaver 7.30

7.30

SAP Netweaver 7.31

7.31

SAP Netweaver 7.40

7.40

References

https://launchpad.support.sap.com/#/notes/2880744

Permissions Required, Vendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.