Missing XML Validation in SAP NetWeaver Application Server Java User Management Engine
CVE-2020-6202 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
Learn more about our Cis Benchmark Audit For Server Software.