PT-2020-5974 · SAP · SAP NetWeaver

Published: 2020-08-11 · Updated: 2020-08-13 · CVE-2020-6293

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (Knowledge Management) versions 7.30 through 7.50

Description: The issue allows an unauthenticated attacker to upload a malicious file and access, modify, or make existing files unavailable. However, the impact is limited to the files themselves and is further restricted by other policies, such as access control lists and upload file size restrictions. The root cause is the absence of restrictions on file uploads in the Knowledge Management component of the SAP NetWeaver platform. An attacker could exploit this with a specially crafted file to gain access to, modify, or make existing files unavailable.

Recommendations: For SAP NetWeaver (Knowledge Management) versions 7.30 through 7.50, consider restricting access to the file upload functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit use of the file upload feature to essential users only. Additionally, ensure that access control lists and upload file size restrictions are properly configured to reduce the potential impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2021-02165
CVE-2020-6293

Affected Products

SAP NetWeaver