CVE-2020-6366
EUVD-2020-2751620.10.2020, 14:15
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sap | netweaver_compare_systems | 7.20 |
| sap | netweaver_compare_systems | 7.30 |
| sap | netweaver_compare_systems | 7.31 |
| sap | netweaver_compare_systems | 7.40 |
| sap | netweaver_compare_systems | 7.50 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration