CVE-2020-6202

Summary

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.10affected
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.11affected
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.20affected
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.30affected
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.31affected
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.40affected
SAP SESAP NetWeaver Application Server Java (User Management Engine)< 7.50affected

Weaknesses

  • Missing XML Validation

ADP Enrichment

CVE Program Container

Additional References

References