CVE-2020-6205
Published Mar 10, 2020
Last updated a year ago
Overview
- Description
- SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E6E948A-59A4-460A-8369-68E9A94CA4EC"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B2AC049-E6B5-4954-875A-7E66F2CEFEDF"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1097BE81-D7C7-4288-82A8-F5FA0EB492E3"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A14A2CCD-4E29-42BF-94E8-6FBCF7265132"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC7F939D-7BC7-48DF-BBC7-867341F841CC"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66D0CBF3-A0C0-4125-87D2-15DC05990986"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4AA4EAF-ED70-4FEC-85B5-C8229EB5F600"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F822C6B-3047-4EB1-9A85-EE10EA592DE4"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "689471D5-2189-48AF-ACE9-41DA4B642B1E"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD618C71-34FF-414C-86DC-C43C5EEF5D20"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E4BD107-F102-4859-9439-955F4DACE96F"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.53:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AC0B6B2-BE6F-4745-ACE4-245B0685734F"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.54:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07A358CC-0FE7-4665-B595-169F784A5AC1"
}
],
"operator": "OR"
}
]
}
]