CVE-2020-6368 — Cross-site Scripting in SE SAP Business Planning AND Consolidation

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 40.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Planning AND Consolidation SAP Business Planning AND Consolidation

Timeline

PublishedOct 15

Latest updateMay 24

Description

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_business_planning_and_consolidation< 750+8

▶NVDsap/business_planning_and_consolidation9 versions+8

🔴Vulnerability Details

GHSA

GHSA-hrc5-9pp2-965p: SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify↗2022-05-24

▶

CVEList

CVE-2020-6368: SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify↗2020-10-15

▶