Is CVE-2020-6287 actively exploited?

CVE-2020-6287 has no public evidence of in-the-wild exploitation as of 2025-10-31.

What is the CVSS score for CVE-2020-6287?

CVE-2020-6287 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2020-6287?

Patch guidance is available from sap security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-6287.

Fix CVE-2020-6287 - CRITICAL

Q: Which products are affected by CVE-2020-6287?

4 products: sap netweaver application server java, sap netweaver application server java, sap netweaver application server java, sap netweaver application server java.

Description

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-306 · Missing Authentication CWE-306 · Missing Authentication

Metadata

Primary Vendor: SAP
Published: 7/14/2020
Last Modified: 10/31/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

sap : netweaver_application_server_javasap : netweaver_application_server_javasap : netweaver_application_server_javasap : netweaver_application_server_java

Remediation Guidance

Executive Summary

View on NIST NVD