
    2 vulnerabilities found for SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) by SAP SE

    CVE-2020-6215 (GCVE-0-2020-6215)

    Vulnerability from nvd – Published: 2020-04-14 00:00 – Updated: 2024-08-04 08:55
    Summary
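    SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, performs insufficient URL validation, which allows an attacker to redirect users to a malicious site and steal the victim's credentials (URL Redirection vulnerability). Note: the references in this record include a 2023 SEC Consult advisory titled "Bypass for CVE-2020-6215 Patch", so the fix in SAP note 2872782 may not fully close the redirect; check for later SAP guidance. The "Affected: < NNN" entries below reproduce the record's version fields as published, while the description names the releases themselves as affected.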
    CWE
    • URL Redirection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872782"
              },
              {
                "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T16:06:17.300Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/2872782"
            },
            {
              "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
            },
            {
              "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6215",
        "datePublished": "2020-04-14T00:00:00.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6215 (GCVE-0-2020-6215)

    Vulnerability from cvelistv5 – Published: 2020-04-14 00:00 – Updated: 2024-08-04 08:55
    Summary
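    SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, performs insufficient URL validation, which allows an attacker to redirect users to a malicious site and steal the victim's credentials (URL Redirection vulnerability). Note: the references in this record include a 2023 SEC Consult advisory titled "Bypass for CVE-2020-6215 Patch", so the fix in SAP note 2872782 may not fully close the redirect; check for later SAP guidance. The "Affected: < NNN" entries below reproduce the record's version fields as published, while the description names the releases themselves as affected.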
    CWE
    • URL Redirection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872782"
              },
              {
                "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T16:06:17.300Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/2872782"
            },
            {
              "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
            },
            {
              "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6215",
        "datePublished": "2020-04-14T00:00:00.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }