CVE-2020-6225: Path Traversal

First published: Tue Apr 14 2020(Updated: )

SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.

Credit: cna@sap.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/severity
• agent/weakness
• agent/references
• agent/author
• agent/tags
• agent/description
• agent/type
• agent/event
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• collector/mitre-cve
• source/MITRE
• vendor/sap
• canonical/sap netweaver knowledge management and collaboration \(kmc-cm\)
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.00
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.01
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.02
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.30
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.31
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.40
• version/sap netweaver knowledge management and collaboration \(kmc-cm\)/7.50
• canonical/sap netweaver knowledge management and collaboration \(kmc-wpc\)
• version/sap netweaver knowledge management and collaboration \(kmc-wpc\)/7.30
• version/sap netweaver knowledge management and collaboration \(kmc-wpc\)/7.31
• version/sap netweaver knowledge management and collaboration \(kmc-wpc\)/7.40
• version/sap netweaver knowledge management and collaboration \(kmc-wpc\)/7.50