CVE-2020-6246

Summary

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 700affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 701affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 702affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 730affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 731affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 740affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 750affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 751affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 752affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 753affected
SAP SESAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)< 754affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References