CVE-2020-6299 | Vulnerability Database | Aqua Security

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.

Affected Software

Name	Vendor	Start Version	End Version
Abap_platform	Sap	740 (including)	740 (including)
Abap_platform	Sap	750 (including)	750 (including)
Abap_platform	Sap	751 (including)	751 (including)
Abap_platform	Sap	753 (including)	753 (including)
Abap_platform	Sap	754 (including)	754 (including)
Abap_platform	Sap	755 (including)	755 (including)
Netweaver_application_server_abap	Sap	740 (including)	740 (including)
Netweaver_application_server_abap	Sap	750 (including)	750 (including)
Netweaver_application_server_abap	Sap	751 (including)	751 (including)
Netweaver_application_server_abap	Sap	753 (including)	753 (including)
Netweaver_application_server_abap	Sap	754 (including)	754 (including)
Netweaver_application_server_abap	Sap	755 (including)	755 (including)

References

https://launchpad.support.sap.com/#/notes/2941510
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-6299
CWE	https://cwe.mitre.org/data/definitions/.html