XPath Injection in Sap Solution_manager

CVE-2020-6271

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for te…

EPSS: 0.012 (63.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-6271?
CVE-2020-6271 is a high-severity vulnerability in Sap Solution_manager, classified under XML Injection (Blind XPath Injection). CVSS score: 8.2/10. Published 2020-06-10.
How severe is CVE-2020-6271?
High severity. CVSS v3 base score is 8.2 out of 10.
Is CVE-2020-6271 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.