Incomplete XML Validation in SAP Solution Manager Trace Analysis
CVE-2020-6260

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Solution Manager (trace Analysis)
Vendor: CVE Published:; 10 June 2020

What is CVE-2020-6260?

A vulnerability in SAP Solution Manager (Trace Analysis) version 7.20 allows attackers to inject superfluous data due to incomplete XML validation. This issue can result in the application displaying additional data that does not actually exist, potentially misleading users or compromising data integrity.

Affected Version(s)

SAP Solution Manager (Trace Analysis) < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2915126

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 8, 2020