Cloud Vulnerability DB
A community-led vulnerabilities database
Wiz Agents & Workflows are here
Vulnerability DatabaseCVE-2020-6299
CVE-2020-6299:
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation
Overview
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 740, 750, 751, 752, 753, 754, and 755, contained a vulnerability that allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. The vulnerability was assigned CVE-2020-6299 and was disclosed in January 2020 (CVE Details).
Technical details
The vulnerability affects multiple versions of SAP NetWeaver (ABAP Server) and ABAP Platform, specifically versions 740 through 755. The issue relates to unauthorized access to user lists through the value help functionality (CERT-FR).
Impact
The primary impact of this vulnerability is information disclosure, where unauthorized users could potentially access the system's user list, compromising the confidentiality of user information (CVE Details).
Mitigation and workarounds
SAP has addressed this vulnerability through a security patch detailed in SAP Security Note 2941510 (SAP Note).
Additional resources
Source: This report was generated using AI
Related SAP NetWeaver Application Server ABAP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management