CVE-2020-6260

Published: Jun 10, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.

Affected (1)

Products: Sap: Solution Manager

Sap

1 product

Solution Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Solution Manager	Version 7.20

Related CWEs

CWE-91

XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

References (4)

https://launchpad.support.sap.com/#/notes/2915126

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2915126

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.