CVE-2020-6254
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Enterprise Threat Detection | < 1.0 | affected |
| SAP SE | SAP Enterprise Threat Detection | < 2.0 | affected |
Weaknesses
- Cross Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2913293
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2913293
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.