Path Traversal Vulnerability in SAP NetWeaver Knowledge Management
CVE-2020-6225

9.1CRITICAL

Key Information:

Vendor

SAP
Status
SAP Netweaver (knowledge Management) (kmc-cm)
SAP Netweaver (knowledge Management) (kmc-WPc)
Vendor
CVE Published:
14 April 2020

What is CVE-2020-6225?

SAP NetWeaver's Knowledge Management component is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied path information. This flaw allows an attacker to construct malicious requests that can traverse directories, which may lead to overwriting, deleting, or corrupting arbitrary files on the server. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive files, posing a significant risk to system integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver (Knowledge Management) (KMC-CM) < 7.00 < 7.00

SAP NetWeaver (Knowledge Management) (KMC-CM) < 7.01 < 7.01

SAP NetWeaver (Knowledge Management) (KMC-CM) < 7.02 < 7.02

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2896682
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.