VDB

CVE-2020-6262

CVE-2020-6262 PUBLISHED CVSS 9.899999618530273 CRITICAL

Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.

EPSS 0.79% · 74.3th percentile

Risk Scores

CVSS 3.0
9.899999618530273
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.79%
74.3th percentile

Affected Products

VendorProductVersions
sapapplication_server*, 740, 2008_1_46c
SAP SESAP Application Server ABAP (ST-PI)< 2008_1_46C, < 2008_1_620, < 2008_1_640

Exploit Intelligence

Timeline

  • May 12, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›