CVE-2020-6203: Path Traversal
First published: Tue Mar 10 2020(Updated: )
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | =7.10 | |
| SAP NetWeaver | =7.11 | |
| SAP NetWeaver | =7.20 | |
| SAP NetWeaver | =7.30 | |
| SAP NetWeaver | =7.31 | |
| SAP NetWeaver | =7.40 | |
| SAP NetWeaver | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP NetWeaver UDDI Server (Services Registry) vulnerability?
The vulnerability ID for this SAP NetWeaver UDDI Server (Services Registry) vulnerability is CVE-2020-6203.
What is the severity level of CVE-2020-6203?
The severity level of CVE-2020-6203 is critical with a severity value of 9.1.
Which versions of SAP NetWeaver UDDI Server (Services Registry) are affected by this vulnerability?
Versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 of SAP NetWeaver UDDI Server (Services Registry) are affected by this vulnerability.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by exploiting insufficient validation of path information provided by users, leading to the passing of 'traverse to parent directory' characters to the file APIs.
Is there a fix available for CVE-2020-6203?
Yes, SAP has released security notes and patches to address the vulnerability. Please refer to the SAP support portal for more information.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/7.10
- version/sap netweaver/7.11
- version/sap netweaver/7.20
- version/sap netweaver/7.30
- version/sap netweaver/7.31
- version/sap netweaver/7.40
- version/sap netweaver/7.50