NVD:CVE-2020-26825
History: Nov 13, 2020 - 3:15 p.m.

CVE-2020-26825

2020-11-13 15:15:12
CWE-79
web.nvd.nist.gov
5
sap fiori launchpad
news tile
xss vulnerability
version 750
version 751
version 752
version 753
version 754
version 755

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 36.1%

SAP Fiori Launchpad (News tile Application), versions 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to use the SAP Fiori Launchpad News tile Application to send malicious code to a different end user (victim), because the News tile does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim’s web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim’s browser and the victim can easily close the browser tab to terminate it.

Affected configurations

Nvd

Node
sap fiori_launchpad_\(news_tile_application\) Match 750
OR
sap fiori_launchpad_\(news_tile_application\) Match 751
OR
sap fiori_launchpad_\(news_tile_application\) Match 752
OR
sap fiori_launchpad_\(news_tile_application\) Match 753
OR
sap fiori_launchpad_\(news_tile_application\) Match 754
OR
sap fiori_launchpad_\(news_tile_application\) Match 755

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| sap | fiori_launchpad_\(news_tile_application\) | 750 | cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):750:*:*:*:*:*:*:* |
| sap | fiori_launchpad_\(news_tile_application\) | 751 | cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):751:*:*:*:*:*:*:* |
| sap | fiori_launchpad_\(news_tile_application\) | 752 | cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):752:*:*:*:*:*:*:* |
| sap | fiori_launchpad_\(news_tile_application\) | 753 | cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):753:*:*:*:*:*:*:* |
| sap | fiori_launchpad_\(news_tile_application\) | 754 | cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):754:*:*:*:*:*:*:* |
| sap | fiori_launchpad_\(news_tile_application\) | 755 | cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):755:*:*:*:*:*:*:* |
