Authentication Bypass Vulnerability in SAP NetWeaver AS Java via P4 Protocol

Authentication Bypass Vulnerability in SAP NetWeaver AS Java via P4 Protocol

CVE-2020-6263 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.

Learn more about our Cis Benchmark Audit For Server Software.