Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-6203

Опубликовано: 10 мар. 2020
Источник: nvd
CVSS3: 9.1
CVSS3: 9.1
CVSS2: 6.4
EPSS Низкий

Описание

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 76%
0.00978
Низкий

9.1 Critical

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-4jj3-8j3g-4c6p

CVSS3: 9.1
github
больше 3 лет назад

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.

EPSS

Процентиль: 76%
0.00978
Низкий

9.1 Critical

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22