CVE-2020-6246

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 49.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap (business Server Pages Test Application Sbspext Table)SAP Netweaver AS Abap Business Server Pages

Timeline

PublishedJun 10

Latest updateMay 24

Description

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_abap_(business_server_pages_test_application_sbspext_table)< 700+10

▶NVDsap/netweaver_as_abap_business11 versions+10

🔴Vulnerability Details

GHSA

GHSA-2jgc-5rvf-93wc: SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not s↗2022-05-24

▶

CVEList

CVE-2020-6246: SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not s↗2020-06-10

▶