CVE-2020-6293

{"id": "CVE-2020-6293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2020-08-12T14:15:13.957", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2938162", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload."}, {"lang": "es", "value": "SAP NetWeaver (Knowledge Management), versiones - 7.30, 7.31, 7.40, 7.50, permite a un atacante no autenticado cargar un archivo malicioso y tambi\u00e9n acceder, modificar o hacer que los archivos existentes no est\u00e9n disponibles, pero el impacto es limitado a los archivos en s\u00ed y est\u00e1 restringido por otras pol\u00edticas, tales como listas de control de acceso y otras restricciones de tama\u00f1o de archivo de carga, conllevando a una carga de Archivos Sin Restricciones"}], "lastModified": "2020-08-13T20:30:33.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69E7BD55-6020-4CF5-9B1C-AAC6161403E0"}, {"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6A9823F-8736-44E1-8F51-7149236A85C2"}, {"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67365283-2C5E-448E-A9F7-8AA033B57F67"}, {"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95298857-D440-4323-ACAE-A1097DBC5C13"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}