CVE-2020-6225: Path Traversal
First published: Tue Apr 14 2020(Updated: )
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.00 | |
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.01 | |
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.02 | |
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.30 | |
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.31 | |
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.40 | |
| SAP NetWeaver Knowledge Management and Collaboration (KMC-CM) | =7.50 | |
| SAP NetWeaver Knowledge Management and Collaboration | =7.30 | |
| SAP NetWeaver Knowledge Management and Collaboration | =7.31 | |
| SAP NetWeaver Knowledge Management and Collaboration | =7.40 | |
| SAP NetWeaver Knowledge Management and Collaboration | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6225?
CVE-2020-6225 has a critical severity rating due to its ability to allow unauthorized file access.
How do I fix CVE-2020-6225?
Fixing CVE-2020-6225 involves applying the vendor's patches or updates provided for affected versions of SAP NetWeaver.
What are the affected versions in CVE-2020-6225?
CVE-2020-6225 affects SAP NetWeaver Knowledge Management versions 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC versions 7.30, 7.31, 7.40, and 7.50.
What is the vulnerability associated with CVE-2020-6225?
CVE-2020-6225 allows directory traversal through insufficient validation of path information in the file APIs.
Is CVE-2020-6225 a remote vulnerability?
Yes, CVE-2020-6225 can be exploited remotely, allowing an attacker to access sensitive files on the server.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver knowledge management and collaboration (kmc-cm)
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.00
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.01
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.02
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.30
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.31
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.40
- version/sap netweaver knowledge management and collaboration (kmc-cm)/7.50
- canonical/sap netweaver knowledge management and collaboration
- version/sap netweaver knowledge management and collaboration/7.30
- version/sap netweaver knowledge management and collaboration/7.31
- version/sap netweaver knowledge management and collaboration/7.40
- version/sap netweaver knowledge management and collaboration/7.50