CVE-2020-6293
CVE-2020-6293 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. SAP NetWeaver (Knowledge Management), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files, but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload. EPSS estimates a 0.93% chance of exploitation in the next 30 days.
Description
SAP NetWeaver (Knowledge Management), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files, but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Knowledge Management | 7.30 |
| SAP | NetWeaver Knowledge Management | 7.31 |
| SAP | NetWeaver Knowledge Management | 7.40 |
| SAP | NetWeaver Knowledge Management | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/2938162 (Permissions Required)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
