CVE-2020-6260

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Solution Manager (trace Analysis)
Vendor: CVE Published:; 10 June 2020

Summary

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.

Affected Version(s)

SAP Solution Manager (Trace Analysis) < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2915126

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 8, 2020