CVE-2020-6305 — Cross-site Scripting in SE SAP Process Integration Rest Adapter

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 48.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Process Integration Rest Adapter SAP Process Integration

Timeline

PublishedJan 14

Latest updateMay 24

Description

PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_process_integration_rest_adapter< 7.31+2

▶NVDsap/process_integration7.31, 7.40, 7.50+2

🔴Vulnerability Details

GHSA

GHSA-hqh8-79fw-qv7p: PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7↗2022-05-24

▶

CVEList

CVE-2020-6305: PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7↗2020-01-14

▶