ByteOS Network

CVE Vulnerability Details :

CVE-2020-6181

PUBLISHED

More Info Official Page

Assigner-sap

Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At-12 Feb, 2020 | 19:46

Updated At-04 Aug, 2024 | 08:55

▼CVE Numbering Authority (CNA)

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Affected Products

Vendor

SAP SE

Product

SAP NetWeaver (SAP Basis)

Versions

Affected

= 7.02
= 7.30
= 7.31
= 7.40

Vendor

SAP SE

Product

SAP ABAP Platform (SAP Basis)

Versions

Affected

= 7.50
= 7.51
= 7.52
= 7.53
= 7.54

Problem Types

Type	CWE ID	Description
text	N/A	HTTP Response Splitting

Metrics

Version	Base score	Base severity	Vector
3.0	5.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812	x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2880744	x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812	x_refsource_MISC x_transferred
https://launchpad.support.sap.com/#/notes/2880744	x_refsource_MISC x_transferred

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References