CVE-2020-6203

Summary

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.10affected
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.11affected
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.20affected
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.30affected
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.31affected
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.40affected
SAP SESAP NetWeaver UDDI Server (Services Registry)< 7.50affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References