CVE-2020-6286

Confirmed PUBLISHED

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30,...

SAP SE · SAP NetWeaver AS JAVA (LM Configuration Wizard)

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
5.3 Medium EPSS 28.3%

At a Glance

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

CVE Published
Jul 14, 2020
Exploitation Reported
Jun 12, 2026
CVSS
5.3 Medium
EPSS
28.3%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.30

Affected
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.31

Affected
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.40

Affected
SAP SE
SAP NetWeaver AS JAVA (LM Configuration Wizard)

< 7.50

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.