CVE-2020-6254
Published May 12, 2020
Last updated 5 years ago
Overview
- Description
- SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:enterprise_threat_detection:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFAC02F4-7EFF-498A-B9C7-A10601D3E787"
},
{
"criteria": "cpe:2.3:a:sap:enterprise_threat_detection:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF020EBF-3430-49F4-B33F-C6410BB3E821"
}
],
"operator": "OR"
}
]
}
]