logo
DATABASE RESOURCES PRICING ABOUT US

SAP NetWeaver AS Java Multiple Vulnerabilities

Description

The version of SAP NetWeaver AS Java detected on the remote host may be affected by multiple vulnerabilities, as referenced in SAP Security Note 2934135. - LM Configuration Wizard of SAP NetWeaver AS JAVA, does not perform an authentication check which allows an attacker without prior authentication, to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system (CVE-2020-6287). - The insufficient input path validation of certain parameter in the web service, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory (CVE-2020-6286). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related