Skip links

CVE-2020-6293 Unrestricted File Upload in SAP NetWeaver (Knowledge Management), SAP security note 2938162

Description

SAP NetWeaver (Knowledge Management) allows an unauthenticated attacker to upload a file without requiring any user action. This will allow the attacker to access, or modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions.

Available fix and Supported packages

  • KMC-BC | 7.30 | 7.30
  • KMC-BC | 7.31 | 7.31
  • KMC-BC | 7.40 | 7.40
  • KMC-BC | 7.50 | 7.50
  • KMC BASE COMPONENTS 7.30 | SP019 | 000003
  • KMC BASE COMPONENTS 7.30 | SP020 | 000001
  • KMC BASE COMPONENTS 7.30 | SP021 | 000000
  • KMC BASE COMPONENTS 7.31 | SP023 | 000002
  • KMC BASE COMPONENTS 7.31 | SP024 | 000002
  • KMC BASE COMPONENTS 7.31 | SP025 | 000002
  • KMC BASE COMPONENTS 7.31 | SP026 | 000001
  • KMC BASE COMPONENTS 7.31 | SP027 | 000000
  • KMC BASE COMPONENTS 7.31 | SP028 | 000000
  • KMC BASE COMPONENTS 7.40 | SP018 | 000002
  • KMC BASE COMPONENTS 7.40 | SP019 | 000002
  • KMC BASE COMPONENTS 7.40 | SP020 | 000002
  • KMC BASE COMPONENTS 7.40 | SP021 | 000001
  • KMC BASE COMPONENTS 7.40 | SP022 | 000000
  • KMC BASE COMPONENTS 7.40 | SP023 | 000000
  • KMC BASE COMPONENTS 7.50 | SP012 | 000002
  • KMC BASE COMPONENTS 7.50 | SP013 | 000001
  • KMC BASE COMPONENTS 7.50 | SP014 | 000002
  • KMC BASE COMPONENTS 7.50 | SP015 | 000002
  • KMC BASE COMPONENTS 7.50 | SP016 | 000001

Affected component

    EP-KM-CM
    Content Management

CVSS

Score: 7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2938162

TAGS

#broken-authentication
#XSS
#authentication
#KM
#Knowledge-Management
#&160-CVE-2020-6293&160