chipik

3 exploits Active since Mar 2020
CVE-2020-6287 NOMISEC CRITICAL WORKING POC
SAP NetWeaver AS JAVA - Missing Authentication Check
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
225 stars
CVSS 10.0
CVE-2020-6207 NOMISEC CRITICAL WRITEUP
SAP Solution Manager 7.2 - Auth Bypass
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
81 stars
CVSS 9.8
CVE-2020-6286 VULNCHECK_XDB MEDIUM WORKING POC
SAP NetWeaver AS JAVA <7.50 - Path Traversal
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.
CVSS 5.3