CVE-2020-6284

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
9.0CRITICAL
EPSS
0.9%
top 24.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver (knowledge Management)SAP Netweaver Knowledge Management
Timeline
PublishedAug 12
Latest updateMay 24

Description

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-qh9g-xc58-f7h9: SAP NetWeaver (Knowledge Management), versions - 72022-05-24
CVEList
CVE-2020-6284: SAP NetWeaver (Knowledge Management), versions - 72020-08-12