CVE-2020-6286

2020-07-14T13:15:00
ID CVE-2020-6286
Type cve
Reporter cve@mitre.org
Modified 2020-07-15T18:15:00

Description

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.