Vulnerability: CVE-2020-6293

SAP NetWeaver (Knowledge Management), versions – 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.


https://launchpad.support.sap.com/#/notes/2938162
https://launchpad.support.sap.com/#/notes/2938162
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6293


It's possible to leave a comment as registered users to the site, accessing through social, wordpress account or as anonymous users. If you want to leave a comment as an anonymous user you will be notified by email of a possible response only if you enter the email address (optional). The insertion of any data in the comment fields is totally optional. Whoever decides to insert any data accepts the treatment of these last ones for the inherent purposes of the service that is the answer to the comment and the strictly necessary communications.


Leave a Reply