SAP NetWeaver AS ABAP SAP_UI 750 Improper Input Validation Vulnerability

Summary

SAP NetWeaver AS ABAP SAP_UI 750 suffers from improper input validation vulnerability

Credit:

The information has been provided by Ahmad Halabi

The original article can be found at:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


Details

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

 

Vulnerable Systems:

SAP NetWeaver AS ABAP SAP_UI 750

SAP NetWeaver AS ABAP SAP_UI 752

SAP NetWeaver AS ABAP SAP_UI 753

SAP NetWeaver AS ABAP SAP_UI 754

SAP_BASIS 700

SAP_BASIS 710

SAP_BASIS 730

SAP_BASIS 731

SAP_BASIS 804

 

CVE Information:

CVE-2020-6240

 

Disclosure Timeline:
Published Date:5/12/2020

Categories: FeaturedNews