CVE-2020-6217

Summary

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 700affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 701affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 702affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 730affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 731affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 740affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 750affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 751affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 752affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 753affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)< 754affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References