CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6286

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.869

EPSS Ranking 99.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://launchpad.support.sap.com/#/notes/2934135
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
https://launchpad.support.sap.com/#/notes/2934135
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

Products affected by CVE-2020-6286

Sap » Netweaver Application Server Java » Version: 7.30

cpe:2.3:a:sap:netweaver_application_server_java:7.30
Sap » Netweaver Application Server Java » Version: 7.31

cpe:2.3:a:sap:netweaver_application_server_java:7.31
Sap » Netweaver Application Server Java » Version: 7.40

cpe:2.3:a:sap:netweaver_application_server_java:7.40
Sap » Netweaver Application Server Java » Version: 7.50

cpe:2.3:a:sap:netweaver_application_server_java:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6286

Products

Pricing

Contact Us