The solution covers missing authentication issue (CVE-2020-6287) and path traversal problem (CVE-2020-6286)
CVE-2020-6287:
"LM Configuration Wizard of SAP NetWeaver AS JAVA, does not perform an authentication check which allows an attacker without prior authentication, to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system."
"The insufficient input path validation of certain parameter in the web service, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory."
1 comment
[ 3.0 ms ] story [ 8.6 ms ] threadThe solution covers missing authentication issue (CVE-2020-6287) and path traversal problem (CVE-2020-6286)
CVE-2020-6287:
"LM Configuration Wizard of SAP NetWeaver AS JAVA, does not perform an authentication check which allows an attacker without prior authentication, to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287...
CVE-2020-6286:
"The insufficient input path validation of certain parameter in the web service, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6286...