XPath Injection in Sap Solution_manager
CVE-2020-6271
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for te…
EPSS: 0.012 (63.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H.
Affected products
- Sap Solution_manager — versions 7.2
- Sap Se Solution Manager (Problem Context Manager) — versions < 7.2
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cna@sap.com (x_refsource_MISC, Vendor Advisory)
- cna@sap.com (Permissions Required, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-6271?
- CVE-2020-6271 is a high-severity vulnerability in Sap Solution_manager, classified under XML Injection (Blind XPath Injection). CVSS score: 8.2/10. Published 2020-06-10.
- How severe is CVE-2020-6271?
- High severity. CVSS v3 base score is 8.2 out of 10.
- Is CVE-2020-6271 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.