Lucene search

K
nvd[email protected]NVD:CVE-2020-6205
HistoryMar 10, 2020 - 9:15 p.m.

CVE-2020-6205

2020-03-1021:15:14
CWE-79
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

38.8%

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.

Affected configurations

NVD
Node
sapnetweaver_as_abap_business_server_pagesMatch7.00
OR
sapnetweaver_as_abap_business_server_pagesMatch7.01
OR
sapnetweaver_as_abap_business_server_pagesMatch7.02
OR
sapnetweaver_as_abap_business_server_pagesMatch7.10
OR
sapnetweaver_as_abap_business_server_pagesMatch7.11
OR
sapnetweaver_as_abap_business_server_pagesMatch7.30
OR
sapnetweaver_as_abap_business_server_pagesMatch7.31
OR
sapnetweaver_as_abap_business_server_pagesMatch7.40
OR
sapnetweaver_as_abap_business_server_pagesMatch7.50
OR
sapnetweaver_as_abap_business_server_pagesMatch7.51
OR
sapnetweaver_as_abap_business_server_pagesMatch7.52
OR
sapnetweaver_as_abap_business_server_pagesMatch7.53
OR
sapnetweaver_as_abap_business_server_pagesMatch7.54

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

38.8%

Related for NVD:CVE-2020-6205