CVE-2020-6287

Confirmed PUBLISHED

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an...

SAP SE · SAP NetWeaver AS JAVA (LM Configuration Wizard)
Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
40
Unique Attacker IPs
20
CISA KEV
In CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
10.0 Critical EPSS 94.7%

At a Glance

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

nuclei_scanner cisa java
CVE Published
Jul 14, 2020
Exploitation Reported
Nov 03, 2021
CVSS
10.0 Critical
EPSS
94.7%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.30

Affected
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.31

Affected
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.40

Affected
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.50

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.