CVE-2020-6185Cross-site Scripting in SE SAP Netweaver

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 49.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SAP SE SAP NetweaverSAP SE SAP S 4hanaSAP Netweaver+1 more
Timeline
PublishedFeb 12
Latest updateMay 24

Description

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

NVDsap/s_4hana5 versions+4
NVDsap/netweaver7.40
CVEListV5sap_se/sap_s_4hana5 versions+4
CVEListV5sap_se/sap_netweaver= 7.40

🔴Vulnerability Details

2
GHSA
GHSA-hv2v-5wv6-cwqf: Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 72022-05-24
CVEList
CVE-2020-6185: Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 72020-02-12
CVE-2020-6185 — Cross-site Scripting | cvebase