CVE-2020-6319

Summary

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server Java< 7.10affected
SAP SESAP NetWeaver Application Server Java< 7.11affected
SAP SESAP NetWeaver Application Server Java< 7.20affected
SAP SESAP NetWeaver Application Server Java< 7.30affected
SAP SESAP NetWeaver Application Server Java< 7.31affected
SAP SESAP NetWeaver Application Server Java< 7.40affected
SAP SESAP NetWeaver Application Server Java< 7.50affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References