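I. CVE-2020-6287 Basic Information
Vulnerability Information
# N/A

## Overview
SAP NetWeaver AS JAVA (LM Configuration Wizard) contains a vulnerability in which no authentication check is performed. This allows an unauthenticated attacker to execute configuration tasks and thereby perform critical actions against the SAP Java system, including creating an administrative user, compromising the confidentiality, integrity and availability of the system.

## Affected Versions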
- 7.30
- 7.31
- 7.40
- 7.50

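## Details
Specifically, the LM Configuration Wizard component does not perform the required authentication check. An attacker can exploit the vulnerability to execute configuration tasks, including creating user accounts with administrative privileges.

## Impact
Because the authentication check is missing, a malicious user may be able to create administrative accounts, compromising the Confidentiality, Integrity and Availability of the system.
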
Vulnerability Title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
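Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
SAP NetWeaver AS JAVA Authorization Issue Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides the development and runtime environment for SAP applications. SAP NetWeaver Application Server (AS) Java is a Java-based application server that runs within NetWeaver. An authorization issue vulnerability exists in SAP NetWeaver AS JAVA (LM Configuration Wizard); it stems from the program not performing an authentication check. An attacker can exploit the vulnerability to execute configuration tasks and perform critical actions on the SAP Java system, including creating administrative
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
Authorization issue
Source: China National Vulnerability Database of Information Security (CNNVD)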
II. Public PoCs for CVE-2020-6287

| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability) | https://github.com/chipik/SAP_RECON | PoC details |
| 2 | PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials of this project. Original finding: CVE-2020-6287: Pablo Artuso CVE-2020-6286: Yvan 'iggy' G. Usage: `python sap-CVE-2020-6287-add-user.py <HTTP(s)://IP:Port` | https://github.com/duc-nt/CVE-2020-6287-exploit | PoC details |
| 3 | None | https://github.com/Onapsis/CVE-2020-6287_RECON-scanner | PoC details |
| 4 | sap netweaver portal add user administrator | https://github.com/ynsmroztas/CVE-2020-6287-Sap-Add-User | PoC details |
| 5 | [CVE-2020-6287] SAP NetWeaver AS JAVA (LM Configuration Wizard) Authentication Bypass (Create Simple & Administrator Java User) | https://github.com/murataydemir/CVE-2020-6287 | PoC details |
| 6 | Checker help to verify created account or find its mandat | https://github.com/qmakake/SAP_CVE-2020-6287_find_mandate | PoC details |
| 7 | Automated Exploit for CVE-2020-6287 | https://github.com/dylvie/CVE-2020-6287_SAP-NetWeaver-bypass-auth | PoC details |
| 8 | A simple workflow that runs all SAP NetWeaver related nuclei templates on a given target. | https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/sap-netweaver-workflow.yaml | PoC details |
| 9 | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-6287.yaml | PoC details |

III. Intelligence Information for CVE-2020-6287