PT-2020-19003 · SAP · SAP NetWeaver Application Server Java

Published: 2020-03-10 · Updated: 2021-07-21 · CVE-2020-6202

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Application Server Java (User Management Engine) versions 7.10 through 7.50

Description

The issue arises from insufficient validation of the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.

Recommendations

For versions 7.10 through 7.50, ensure proper validation of XML documents from untrusted sources to prevent missing XML validation issues. As a temporary workaround, consider restricting the acceptance of LDAP data source configuration XML documents from untrusted sources until a proper fix is applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-6202

Affected Products

SAP NetWeaver Application Server Java