CVE-2020-6206
4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Summary
SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Cloud Platform Integration for Data Services | < 1.0 | affected |
Weaknesses
- Cross Site Request Forgery
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
- https://launchpad.support.sap.com/#/notes/2859004
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
- https://launchpad.support.sap.com/#/notes/2859004
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.