Improper Access Control in SAP NetWeaver ABAP Server and ABAP Platform Allows User Enumeration and Information Disclosure

Improper Access Control in SAP NetWeaver ABAP Server and ABAP Platform Allows User Enumeration and Information Disclosure

CVE-2020-6310 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

Learn more about our Cis Benchmark Audit For Server Software.