CVE-2020-6293

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 45.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver (knowledge Management)SAP Netweaver Knowledge Management

Timeline

PublishedAug 12

Latest updateMay 24

Description

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_(knowledge_management)< 7.30+3

▶NVDsap/netweaver_knowledge_management4 versions+3

🔴Vulnerability Details

GHSA

GHSA-g48c-grh6-c63v: SAP NetWeaver (Knowledge Management), versions - 7↗2022-05-24

▶

CVEList

CVE-2020-6293: SAP NetWeaver (Knowledge Management), versions - 7↗2020-08-12

▶