CVE-2020-6366Improper Input Validation in SE SAP Netweaver

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 37.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP NetweaverSAP Netweaver Compare Systems
Timeline
PublishedOct 20
Latest updateMay 24

Description

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver< 7.20+4

🔴Vulnerability Details

2
GHSA
GHSA-fh47-4vp6-4g46: SAP NetWeaver (Compare Systems) versions - 72022-05-24
CVEList
CVE-2020-6366: SAP NetWeaver (Compare Systems) versions - 72020-10-20
CVE-2020-6366 — Improper Input Validation | cvebase