CVEs-PoC/2020/CVE-2020-6309.md

### [CVE-2020-6309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6309)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20AS%20JAVA%20(ENGINEAPI)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20AS%20JAVA%20(J2EE-FRMW)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20AS%20JAVA%20(WSRM)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C7.10%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authentication%20check&color=brighgreen)

### Description

SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/lmkalg/my_cves