CVE-2020-6285 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-6285

CWE

https://cwe.mitre.org/data/definitions/.html

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

Affected Software

Name	Vendor	Start Version	End Version
Netweaver	Sap	7.10 (including)	7.10 (including)
Netweaver	Sap	7.11 (including)	7.11 (including)
Netweaver	Sap	7.20 (including)	7.20 (including)
Netweaver	Sap	7.30 (including)	7.30 (including)
Netweaver	Sap	7.31 (including)	7.31 (including)
Netweaver	Sap	7.40 (including)	7.40 (including)
Netweaver	Sap	7.50 (including)	7.50 (including)

References

https://launchpad.support.sap.com/#/notes/2932473
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675