Description
SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to exploit insufficient validation of path information provided by users. Characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2806198
Scores
CVSS v3
9.1
EPSS
0.0098
EPSS Percentile
77.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (7)
sap/netweaver 7.10
sap/netweaver 7.11
sap/netweaver 7.20
sap/netweaver 7.30
sap/netweaver 7.31
sap/netweaver 7.40
sap/netweaver 7.50
Published
Mar 10, 2020
Tracked Since
Feb 18, 2026