Security Advisory

CVE-2020-6225

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-14 19:40:25

Last updated 2024-08-04 08:55:22

Assigner sap

State PUBLISHED

Description

SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.

← Browse all CVEs View on cve.org ↗