CVE-2020-6260
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Solution Manager (Trace Analysis) | < 7.20 | affected |
Weaknesses
- Incomplete XML Validation
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
- https://launchpad.support.sap.com/#/notes/2915126
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
- https://launchpad.support.sap.com/#/notes/2915126
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.