CVE-2020-6225 Information
Feb 14, 2021
cve
Description
SAP NetWeaver (Knowledge Management) versions (KMC-CM - 7.00 7.01 7.02 7.30 7.31 7.40 7.50 and KMC-WPC 7.30 7.31 7.40 7.50) does not sufficiently validate path information provided by users thus characters representing traverse to parent directory are passed through to the file APIs allowing the attacker to overwrite delete or corrupt arbitrary files on the remote server leading to Path Traversal.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://launchpad.support.sap.com//notes/2896682 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: