Vulnerability CVE-2020-6271


Published: 2020-06-10

Description:
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication. This allows an attacker to consume large amounts of memory, causing the system to crash, and to read restricted data (files visible to technical administration users of the diagnostics agent).

Type:
CWE-91 (XML Injection (aka Blind XPath Injection))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:P)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

Affected software:
SAP -> Solution manager

References:
https://launchpad.support.sap.com/#/notes/2931391
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Copyright 2020, cxsecurity.com

 
