CVE-2020-6261

CWE-20Improper Input ValidationCWE-116CWE-743 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 60.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Solution Manager (trace Analysis)SAP Solution Manager
Timeline
PublishedJul 1
Latest updateMay 24

Description

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-jqg5-fvgm-8j8r: SAP Solution Manager (Trace Analysis), version 72022-05-24
CVEList
CVE-2020-6261: SAP Solution Manager (Trace Analysis), version 72020-07-01
CVE-2020-6261 (MEDIUM CVSS 5.3) | SAP Solution Manager (Trace Analysi | cvebase.io