CVE-2020-6202 MEDIUM

Vendor SAP SE
Product SAP NetWeaver Application Server Java (User Management Engine)
Published March 10, 2020
Last update August 4, 2024

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01 Description

SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.

Key dates

02 Disclosure timeline

March 10, 2020 CVE published
August 4, 2024 Record updated