Incomplete XML Validation in SAP Solution Manager Trace Analysis
CVE-2020-6260

6.5MEDIUM

Key Information:

Vendor
SAP
Status
SAP Solution Manager (trace Analysis)
Vendor
CVE Published:
10 June 2020

Summary

A vulnerability in SAP Solution Manager (Trace Analysis) version 7.20 allows attackers to inject superfluous data due to incomplete XML validation. This issue can result in the application displaying additional data that does not actually exist, potentially misleading users or compromising data integrity.

Affected Version(s)

SAP Solution Manager (Trace Analysis) < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2915126
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.