CVE-2020-6203: Path Traversal in SE SAP Netweaver Uddi Server

CWE-22: Path Traversal | 3 documents | 3 sources

Severity: 9.1 CRITICAL (NVD)
EPSS: 1.0% (top 23.23%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 10
Latest update: May 24

Description

SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to exploit insufficient validation of path information provided by users; characters representing 'traverse to parent directory' are thus passed through to the file APIs, leading to Path Traversal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages: 2 packages

NVD: sap/netweaver (7 versions)

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-4jj3-8j3g-4c6p: SAP NetWeaver UDDI Server (Services Registry), versions- 7
CVEList (2020-03-10)
CVE-2020-6203: SAP NetWeaver UDDI Server (Services Registry), versions- 7
CVE-2020-6203 — Path Traversal | cvebase