CVE-2020-6225
Severity: HIGH
SAP NetWeaver Knowledge Management (KMC-CM 7.00-7.50, KMC-WPC 7.30-7.50) - Path Traversal
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, so characters representing traversal to the parent directory are passed through to the file APIs, allowing an attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2896682
Scores
CVSS v3: 8.8
EPSS: 0.0054
EPSS Percentile: 67.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-22
Status: published
Products (11)
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.00
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.01
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.02
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.30
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.31
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.40
sap/netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
7.50
sap/netweaver_knowledge_management_and_collaboration_\(kmc-wpc\)
7.30
sap/netweaver_knowledge_management_and_collaboration_\(kmc-wpc\)
7.31
sap/netweaver_knowledge_management_and_collaboration_\(kmc-wpc\)
7.40
... and 1 more
Published: Apr 14, 2020
Tracked Since: Feb 18, 2026