Vulnerabilities

CVE-2020-6286

by Fred · 14/07/2020

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions – 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

Date published : 2020-07-14

https://launchpad.support.sap.com/#/notes/2934135

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

Similar

Tags: Cybersecurity Alert