CVE-2020-6254

Summary

SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Enterprise Threat Detection< 1.0affected
SAP SESAP Enterprise Threat Detection< 2.0affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References