CVE-2020-6184

Summary

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SEAutomated Note Search Tool (SAP Basis)< 7.0affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.01affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.02affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.31affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.4affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.5affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.51affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.52affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.53affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.54affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References