漏洞描述
SAP NetWeaver ASJAVA(LM配置向导),版本7.30、7.31、7.40、7.50,不执行身份验证检查,这允许未经事先身份验证的攻击者执行配置任务,以对SAPJAVA系统执行关键操作,包括创建管理用户的能力,从而损害机密性,系统的完整性和可用性。 # userName - sapRpoc6351 # password- Secure!PwD8890
SAP NetWeaver AS JAVA 7.30-7.50 管理员用户添加(CVE-2020-6287)
PoC代码
暂无相关漏洞推荐
- POC CVE-2013-3827: Javafaces LFI
- POC CVE-2017-12637: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
- POC CVE-2020-6287: SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
- POC CVE-2021-37573: Tiny Java Web Server - Cross-Site Scripting
- POC CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 - Template Injection
- POC CVE-2023-29827: Embedded JavaScript(EJS) 3.1.6 - Template Injection
- POC CVE-2025-46822: Java-springboot-codebase 1.1 - Arbitrary File Read
- POC CVE-2017-12149: Java/Jboss Deserialization [RCE]
- POC CVE-2018-15531: JavaMelody XXE
- POC javamelody-detect: JavaMelody Monitoring Exposed
- POC jinjava-ssti: Jinjava - Server Side Template Injection
- POC javascript-env-config: JavaScript Environment Configuration - Detect
- POC javascript-env: JavaScript Environment Configuration - Detect