CVE-2020-6286

Summary

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS JAVA (LM Configuration Wizard)< 7.30affected
SAP SESAP NetWeaver AS JAVA (LM Configuration Wizard)< 7.31affected
SAP SESAP NetWeaver AS JAVA (LM Configuration Wizard)< 7.40affected
SAP SESAP NetWeaver AS JAVA (LM Configuration Wizard)< 7.50affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References