CVE-2020-6370 — Cross-site Scripting in SE SAP Netweaver

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 57.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver SAP Netweaver Design Time Repository

Timeline

PublishedOct 20

Latest updateMay 24

Description

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDsap/netweaver_design_time_repository5 versions+4

▶CVEListV5sap_se/sap_netweaver< 7.11+4

🔴Vulnerability Details

GHSA

GHSA-x4pm-xhrh-gm25: SAP NetWeaver Design Time Repository (DTR), versions - 7↗2022-05-24

▶

CVEList

CVE-2020-6370: SAP NetWeaver Design Time Repository (DTR), versions - 7↗2020-10-20

▶