Vulnerability Details : CVE-2020-6293
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
Products affected by CVE-2020-6293
- cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-6293
0.45%: probability of exploitation activity in the next 30 days
~61%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-6293
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 | SAP SE | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 | NIST | |
CWE ids for CVE-2020-6293
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-6293
- https://launchpad.support.sap.com/#/notes/2938162
  SAP ONE Support Launchpad: Log On (Permissions Required)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
  SAP Security Patch Day – August 2020 - Product Security Response at SAP - Community Wiki (Vendor Advisory)