Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Netweaver As Abap Business Server Pages
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6324 1 Sap 1 Netweaver As Abap Business Server Pages 2022-05-16 4.3 MEDIUM 6.1 MEDIUM
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting.
CVE-2020-6246 1 Sap 1 Netweaver As Abap Business Server Pages 2020-06-16 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6213 1 Sap 1 Netweaver As Abap Business Server Pages 2020-05-05 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.
CVE-2020-6217 1 Sap 1 Netweaver As Abap Business Server Pages 2020-04-24 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6215 1 Sap 1 Netweaver As Abap Business Server Pages 2020-04-15 5.8 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
CVE-2020-6229 1 Sap 1 Netweaver As Abap Business Server Pages 2020-04-15 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6205 1 Sap 2 Netweaver As Abap Business Server Pages, Netweaver As Abap Business Server Pages 2020-03-12 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.