CVE-2020-6324

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:755:*:*:*:*:*:*:*

History

21 Sep 2021, 17:59

Type Values Removed Values Added
References (MISC) https://launchpad.support.sap.com/#/notes/2948239 - Permissions Required (MISC) https://launchpad.support.sap.com/#/notes/2948239 - Permissions Required, Vendor Advisory

Information

Published : 2020-09-09 14:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-6324

Mitre link : CVE-2020-6324

CVE.ORG link : CVE-2020-6324


JSON object : View

Products Affected

sap

  • netweaver_as_abap_business_server_pages
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')