{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-6215","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","dateUpdated":"2024-08-04T08:55:22.077Z","dateReserved":"2020-01-08T00:00:00.000Z","datePublished":"2020-04-14T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2023-10-06T16:06:17.300Z"},"descriptions":[{"lang":"en","value":"SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability."}],"affected":[{"vendor":"SAP SE","product":"SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)","versions":[{"version":"< 700","status":"affected"},{"version":"< 701","status":"affected"},{"version":"< 702","status":"affected"},{"version":"< 730","status":"affected"},{"version":"< 731","status":"affected"},{"version":"< 740","status":"affected"},{"version":"< 750","status":"affected"},{"version":"< 751","status":"affected"},{"version":"< 752","status":"affected"},{"version":"< 753","status":"affected"},{"version":"< 754","status":"affected"}]}],"references":[{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"},{"url":"https://launchpad.support.sap.com/#/notes/2872782"},{"name":"20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2023/Oct/13"},{"url":"http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"URL Redirection"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:55:22.077Z"},"title":"CVE Program Container","references":[{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202","tags":["x_transferred"]},{"url":"https://launchpad.support.sap.com/#/notes/2872782","tags":["x_transferred"]},{"name":"20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2023/Oct/13"},{"url":"http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html","tags":["x_transferred"]}]}]}}