Path Traversal Vulnerability in SAP NetWeaver AS JAVA (LM Configuration Wizard)

Path Traversal Vulnerability in SAP NetWeaver AS JAVA (LM Configuration Wizard)

CVE-2020-6286 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

Learn more about our Web App Pen Testing.