CVE-2020-6205

Published: Mar 10, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.

Affected (13)

Products: Sap: Netweaver As Abap Business Server Pages

Sap

1 product

Netweaver As Abap Business Server Pages

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver As Abap Business Server Pages	Version 7.00
Sap Netweaver As Abap Business Server Pages	Version 7.01
Sap Netweaver As Abap Business Server Pages	Version 7.02
Sap Netweaver As Abap Business Server Pages	Version 7.10
Sap Netweaver As Abap Business Server Pages	Version 7.11
Sap Netweaver As Abap Business Server Pages	Version 7.30
Sap Netweaver As Abap Business Server Pages	Version 7.31
Sap Netweaver As Abap Business Server Pages	Version 7.40
Sap Netweaver As Abap Business Server Pages	Version 7.50
Sap Netweaver As Abap Business Server Pages	Version 7.51
Sap Netweaver As Abap Business Server Pages	Version 7.52
Sap Netweaver As Abap Business Server Pages	Version 7.53
Sap Netweaver As Abap Business Server Pages	Version 7.54