CVE-2020-6228

Опубликовано: 14 апр. 2020

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.

Ссылки

https://launchpad.support.sap.com/#/notes/2866752
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2866752
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:business_client:6.0:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level10:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level11:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level12:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level13:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level14:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level15:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level16:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level17:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level5:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level6:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level7:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level8:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level9:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level10:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level11:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level12:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level13:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level14:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level15:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level16:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level17:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level18:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level19:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level5:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level6:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level7:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level8:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level9:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level5:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level6:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00131

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-354

Связанные уязвимости

GHSA-42h8-r672-w9r8

CVSS3: 7.5

github

больше 3 лет назад

SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.

EPSS

Процентиль: 33%

0.00131

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-354