CVE-2020-6240

HIGH

SAP NetWeaver AS ABAP (Web Dynpro ABAP) - Unauthenticated Denial of Service

Title source: llm
STIX 2.1

Description

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

References (2)

Core 2
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2856923

Scores

CVSS v3 7.5
EPSS 0.0144
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (9)
sap/netweaver_application_server_abap 700
sap/netweaver_application_server_abap 710
sap/netweaver_application_server_abap 730
sap/netweaver_application_server_abap 731
sap/netweaver_application_server_abap 750
sap/netweaver_application_server_abap 752
sap/netweaver_application_server_abap 753
sap/netweaver_application_server_abap 754
sap/netweaver_application_server_abap 804
Published May 12, 2020
Tracked Since Feb 18, 2026