CVE-2020-6287
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
CVSS
—
No CVSS
EPSS
94.7%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
94.7%EPSS · 30 days94.7%
2026-06-302026-07-16
Product
SAP / NetWeaver
Vulnerability
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-6287
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2016-2386—99.3%
KEV—80SAP NetWeaver SQL Injection Vulnerability—CVE-2016-2388—98.8%
KEV—80SAP NetWeaver Information Disclosure Vulnerability—CVE-2016-3976—98.7%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2021-38163—98.3%
KEV—79SAP NetWeaver Unrestricted File Upload Vulnerability—