CVE-2020-6293
7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver (Knowledge Management) | < 7.30 | affected |
| SAP SE | SAP NetWeaver (Knowledge Management) | < 7.31 | affected |
| SAP SE | SAP NetWeaver (Knowledge Management) | < 7.40 | affected |
| SAP SE | SAP NetWeaver (Knowledge Management) | < 7.50 | affected |
Weaknesses
- Unrestricted File Upload
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
- https://launchpad.support.sap.com/#/notes/2938162
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
- https://launchpad.support.sap.com/#/notes/2938162
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.