← back
CVE-2020-6293

CVE-2020-6293

CVSS 7.3 HIGHEPSS 0.9%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
SAP SE · SAP NetWeaver (Knowledge Management)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2938162https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345