CVE-2020-6217

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 41.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap (business Server Pages Test Application It05)SAP Netweaver AS Abap Business Server Pages

Timeline

PublishedApr 14

Latest updateMay 24

Description

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_abap_(business_server_pages_test_application_it05)< 700+10

▶NVDsap/netweaver_as_abap_business11 versions+10

🔴Vulnerability Details

GHSA

GHSA-xrfg-5m62-c7c7: SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficient↗2022-05-24

▶

CVEList

CVE-2020-6217: SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficient↗2020-04-14

▶