CVE-2020-6203
9.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.10 | affected |
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.11 | affected |
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.20 | affected |
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.30 | affected |
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.31 | affected |
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.40 | affected |
| SAP SE | SAP NetWeaver UDDI Server (Services Registry) | < 7.50 | affected |
Weaknesses
- Path Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
- https://launchpad.support.sap.com/#/notes/2806198
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
- https://launchpad.support.sap.com/#/notes/2806198
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.