CVE-2020-6263

MEDIUM Year: 2020
CVSS v3 Score
6.9
Medium
CVSS v2 Score
7.5
High
Weakness Type
CWE-306
View all →

Vulnerability Description

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.

Related Vulnerabilities

CVE-2020-25697

HIGH
CVSS:7.0(High)

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the serv...

CWE-3062020

CVE-2017-17746

MEDIUM
CVSS:6.8(Medium)

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authenticatio...

CWE-3062017

CVE-2017-8156

MEDIUM
CVSS:6.8(Medium)

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board...

CWE-3062017

CVE-2019-16258

MEDIUM
CVSS:6.8(Medium)

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal U...

CWE-3062019

CVE-2020-10263

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue...

CWE-3062020

CVE-2020-15483

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access.

CWE-3062020