The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2020-07-14T12:30:14
Updated: 2024-08-04T08:55:22.280Z
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6286
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-07-14T13:15:12.923
Modified: 2020-07-15T18:15:22.660
Link: CVE-2020-6286
Redhat
No data.