exploitDog

GHSA-fh47-4vp6-4g46

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.

Ссылки

EPSS

Процентиль: 62%

0.00425

Низкий

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-6366

CVSS3: 6.5

nvd

больше 5 лет назад

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.

EPSS

Процентиль: 62%

0.00425

Низкий

CVE ID

Дефекты

CWE-20