CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6366

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.4%

CVSS Severity

CVSS v3 Score 7.6

CVSS v2 Score 5.5

References

https://launchpad.support.sap.com/#/notes/2969457
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://launchpad.support.sap.com/#/notes/2969457
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Products affected by CVE-2020-6366

Sap » Netweaver Compare Systems » Version: 7.20

cpe:2.3:a:sap:netweaver_compare_systems:7.20
Sap » Netweaver Compare Systems » Version: 7.30

cpe:2.3:a:sap:netweaver_compare_systems:7.30
Sap » Netweaver Compare Systems » Version: 7.31

cpe:2.3:a:sap:netweaver_compare_systems:7.31
Sap » Netweaver Compare Systems » Version: 7.40

cpe:2.3:a:sap:netweaver_compare_systems:7.40
Sap » Netweaver Compare Systems » Version: 7.50

cpe:2.3:a:sap:netweaver_compare_systems:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6366

Products

Pricing

Contact Us