Missing XML Validation in SAP NetWeaver Application Server Java User Management Engine

Missing XML Validation in SAP NetWeaver Application Server Java User Management Engine

CVE-2020-6202 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.

Learn more about our Cis Benchmark Audit For Server Software.