SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2826528 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2020-04-14T18:31:46
Updated: 2020-04-14T18:31:46
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6224
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-14T19:15:17.530
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-6224
JSON object: View
Redhat Information
No data.
CWE