CVE-2020-6320

Опубликовано: 09 сент. 2020

Источник: nvd

CVSS3: 9.6

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.

Ссылки

https://launchpad.support.sap.com/#/notes/2961991
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2961991
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:marketing:130:*:*:*:*:*:*:*

cpe:2.3:a:sap:marketing:140:*:*:*:*:*:*:*

cpe:2.3:a:sap:marketing:150:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00364

Низкий

9.6 Critical

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2gcq-qrr4-wc8f

github

больше 3 лет назад

EPSS

Процентиль: 58%

0.00364

Низкий

9.6 Critical

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo