CVE-2020-6229Cross-site Scripting in SE SAP Netweaver AS Abap

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 52.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS AbapSAP Netweaver AS Abap Business Server Pages
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDsap/netweaver_as_abap_business16 versions+15
CVEListV5sap_se/sap_netweaver_as_abap< 700+15

🔴Vulnerability Details

2
GHSA
GHSA-p9pq-9vfw-wcq6: SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C2022-05-24
CVEList
CVE-2020-6229: SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C2020-04-14
CVE-2020-6229 — Cross-site Scripting | cvebase