SAP Solution Manager version 7.20 XML Injection (aka Blind XPath Injection) Vulnerability

Summary

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to incomplete XML validation.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775


Details

The application shows additional data that do not actually exist.

 

Vulnerable Systems:

SAP Solution Manager version 7.20

 

CVE Information:

CVE-2020-6260

Disclosure Timeline:
Published Date: 6/10/2020
