CVE-2020-6181 - OpenCVE

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Netweaver Abap Platform

Configuration 1 [-]

OR	cpe:2.3:a:sap:abap_platform:7.50:::::::*
	cpe:2.3:a:sap:abap_platform:7.51:::::::*
	cpe:2.3:a:sap:abap_platform:7.52:::::::*
	cpe:2.3:a:sap:abap_platform:7.53:::::::*
	cpe:2.3:a:sap:abap_platform:7.54:::::::*
	cpe:2.3:a:sap:netweaver:7.02:::::::*
	cpe:2.3:a:sap:netweaver:7.30:::::::*
	cpe:2.3:a:sap:netweaver:7.31:::::::*
	cpe:2.3:a:sap:netweaver:7.40:::::::*

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2880744	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2020-02-12T19:46:52

Updated: 2020-02-12T19:46:52

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6181

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-12T20:15:13.777

Modified: 2020-02-21T13:55:45.087

Link: CVE-2020-6181

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver (SAP Basis)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "= 7.02"}, {"status": "affected", "version": "= 7.30"}, {"status": "affected", "version": "= 7.31"}, {"status": "affected", "version": "= 7.40"}]}, {"product": "SAP ABAP Platform (SAP Basis)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "= 7.50"}, {"status": "affected", "version": "= 7.51"}, {"status": "affected", "version": "= 7.52"}, {"status": "affected", "version": "= 7.53"}, {"status": "affected", "version": "= 7.54"}]}], "descriptions": [{"lang": "en", "value": "Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "HTTP Response Splitting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-12T19:46:52", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2880744"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6181", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver (SAP Basis)", "version": {"version_data": [{"version_name": "=", "version_value": "7.02"}, {"version_name": "=", "version_value": "7.30"}, {"version_name": "=", "version_value": "7.31"}, {"version_name": "=", "version_value": "7.40"}]}}, {"product_name": "SAP ABAP Platform (SAP Basis)", "version": {"version_data": [{"version_name": "=", "version_value": "7.50"}, {"version_name": "=", "version_value": "7.51"}, {"version_name": "=", "version_value": "7.52"}, {"version_name": "=", "version_value": "7.53"}, {"version_name": "=", "version_value": "7.54"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability."}]}, "impact": {"cvss": {"baseScore": "5.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HTTP Response Splitting"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}, {"name": "https://launchpad.support.sap.com/#/notes/2880744", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2880744"}]}}}}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6181", "datePublished": "2020-02-12T19:46:52", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2020-02-12T19:46:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "A7AAA98F-50DD-4752-8D42-1E7B5B93BDB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:abap_platform:7.51:*:*:*:*:*:*:*", "matchCriteriaId": "1F7FC59C-72BB-4977-9003-DE65F9BE3361", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:abap_platform:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "143EB1D2-F62A-4223-9D3A-0CCBF75FEF2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:abap_platform:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "688AE1F8-1A9D-4B2E-91DE-1E0010BE9DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:abap_platform:7.54:*:*:*:*:*:*:*", "matchCriteriaId": "A643D231-9256-4325-9706-662EF80D0531", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:*", "matchCriteriaId": "A9805246-77E5-456C-B7CF-07CFF2F9F069", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "606EFE4F-57A4-44E2-A98D-F0867A658218", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "FECD5E96-7669-4747-80D2-27F95BF420BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "F019F7F5-7740-4BD4-850F-D7A1923C6200", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability."}, {"lang": "es", "value": "En algunas circunstancias, la implementaci\u00f3n de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permite a un atacante incluir datos invalidados en encabezado de respuesta HTTP enviado a un usuario Web, conllevando a una vulnerabilidad de Divisi\u00f3n de Respuesta HTTP."}], "id": "CVE-2020-6181", "lastModified": "2020-02-21T13:55:45.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T20:15:13.777", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2880744"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}