CVE-2020-6203

CRITICAL Year: 2020
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.

Related Vulnerabilities

CVE-2012-6664

CRITICAL
CVSS:9.1(Critical)

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get ...

CWE-222012

CVE-2014-10390

CRITICAL
CVSS:9.1(Critical)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

CWE-222014

CVE-2014-3702

CRITICAL
CVSS:9.1(Critical)

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot ...

CWE-222014

CVE-2015-4068

CRITICAL
CVSS:9.1(Critical)

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFile...

CWE-222015

CVE-2015-5609

CRITICAL
CVSS:9.1(Critical)

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

CWE-222015

CVE-2015-9277

CRITICAL
CVSS:9.1(Critical)

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

CWE-222015