CVE-2020-6229

Summary

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 700affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 701affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 702affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 710affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 711affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 730affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 731affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 740affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 750affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 751affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 752affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 75Aaffected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 75Baffected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 75Caffected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 75Daffected
SAP SESAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)< 75Eaffected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References