| |
Vulnerability CVE-2020-6271
Published: 2020-06-10
| Description: |
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). |
Type:
CWE-91 (XML Injection (aka Blind XPath Injection))
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.5/10 |
4.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
Partial |
References: |
https://launchpad.support.sap.com/#/notes/2931391
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
