SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2938162 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2938162 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://launchpad.support.sap.com/#/notes/2938162 - Permissions Required | |
References | () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 - Vendor Advisory |
Information
Published : 2020-08-12 14:15
Updated : 2024-11-21 05:35
NVD link : CVE-2020-6293
Mitre link : CVE-2020-6293
CVE.ORG link : CVE-2020-6293
JSON object : View
Products Affected
sap
- netweaver_knowledge_management
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type