CVE-2020-6287CISA KEV: Actively Exploited

SAP NetWeaver Missing Authentication for Critical Function Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.

Public Exploits & PoCs6 found

PoC: SAP_RECON

PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)

198

PoC: CVE-2020-6287-exploit

PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is

94

PoC: CVE-2020-6287

[CVE-2020-6287] SAP NetWeaver AS JAVA (LM Configuration Wizard) Authentication Bypass (Create Simple & Administrator Java User)

12

PoC: CVE-2020-6287_SAP-NetWeaver-bypass-auth

Automated Exploit for CVE-2020-6287

PoC: SAP_CVE-2020-6287_find_mandate

Checker help to verify created account or find it's mandat

PoC: CVE-2020-6287-Sap-Add-User

sap netweaver portal add user administrator

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free