{"cve":{"cve_id":"CVE-2020-6287","is_kev":true,"kev_date_added":"2021-11-03","kev_vendor_project":"SAP","kev_product":"NetWeaver","kev_vulnerability_name":"SAP NetWeaver Missing Authentication for Critical Function Vulnerability","kev_short_description":"SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-05-03","kev_known_ransomware":false,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2020-6287","kev_cwes":["CWE-306"],"epss_score":0.94719,"epss_percentile":0.99846,"epss_as_of":"2026-06-23","description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.","published_at":"2020-07-14T12:30:14Z","last_modified_at":null,"cvss_v3_score":10.0,"cvss_v3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-306"],"nvd_references":["https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675","https://launchpad.support.sap.com/#/notes/2934135","https://www.onapsis.com/recon-sap-cyber-security-vulnerability","http://seclists.org/fulldisclosure/2021/Apr/6","http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:14:28.790014Z"},"effective_severity":"CRITICAL","badges":["kev","poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver-as-java-lm-configuration-wizard","product_name":"SAP NetWeaver AS JAVA (LM Configuration Wizard)","version_start":"< 7.30","version_start_inclusive":true,"version_end":"< 7.30","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver-as-java-lm-configuration-wizard:< 7.30:< 7.30"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver-as-java-lm-configuration-wizard","product_name":"SAP NetWeaver AS JAVA (LM Configuration Wizard)","version_start":"< 7.31","version_start_inclusive":true,"version_end":"< 7.31","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver-as-java-lm-configuration-wizard:< 7.31:< 7.31"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver-as-java-lm-configuration-wizard","product_name":"SAP NetWeaver AS JAVA (LM Configuration Wizard)","version_start":"< 7.40","version_start_inclusive":true,"version_end":"< 7.40","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver-as-java-lm-configuration-wizard:< 7.40:< 7.40"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver-as-java-lm-configuration-wizard","product_name":"SAP NetWeaver AS JAVA (LM Configuration Wizard)","version_start":"< 7.50","version_start_inclusive":true,"version_end":"< 7.50","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver-as-java-lm-configuration-wizard:< 7.50:< 7.50"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/sap-netweaver-workflow.yaml","title":"SAP NetWaver Security Checks","author":"dwisiswant0","disclosed_at":null},{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-6287.yaml","title":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","author":"dwisiswant0","disclosed_at":null}],"news":[],"references":[{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675","source_type":"MISC","tags":[]},{"url":"https://launchpad.support.sap.com/#/notes/2934135","source_type":"MISC","tags":[]},{"url":"https://www.onapsis.com/recon-sap-cyber-security-vulnerability","source_type":"MISC","tags":[]},{"url":"http://seclists.org/fulldisclosure/2021/Apr/6","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2020-07-14T12:30:14Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2021-11-03T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"}]}