CVE-2020-6205

Summary

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.00affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.01affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.02affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.10affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.11affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.30affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.31affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.40affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.50affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.51affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.52affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.53affected
SAP SESAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS< 7.54affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References