CVE-2020-6371
MEDIUMSAP NetWeaver Application Server ABAP <750-750 - Info Disclosure
Title source: llmDescription
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2963137
Scores
CVSS v3
4.3
EPSS
0.0020
EPSS Percentile
41.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (6)
sap/netweaver_application_server_abap
710
sap/netweaver_application_server_abap
711
sap/netweaver_application_server_abap
730
sap/netweaver_application_server_abap
731
sap/netweaver_application_server_abap
740
sap/netweaver_application_server_abap
750
Published
Oct 15, 2020
Tracked Since
Feb 18, 2026