CVE-2020-26837Path Traversal in SE SAP Solution Manager

CWE-22Path Traversal3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.6%
top 31.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Solution ManagerSAP Solution Manager
Timeline
PublishedDec 9
Latest updateMay 24

Description

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:LExploitability: 3.1 | Impact: 5.3

Affected Packages2 packages

CVEListV5sap_se/sap_solution_manager< 7.20

🔴Vulnerability Details

2
GHSA
GHSA-fx65-x2vv-6c9m: SAP Solution Manager 72022-05-24
CVEList
CVE-2020-26837: SAP Solution Manager 72020-12-09
CVE-2020-26837 — Path Traversal | cvebase