CVE-2020-6323
N/A
N/A
Summary
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver Enterprise Portal (Fiori Framework Page) | < 7.50 | affected |
| SAP SE | SAP NetWeaver Enterprise Portal (Fiori Framework Page) | < 7.31 | affected |
| SAP SE | SAP NetWeaver Enterprise Portal (Fiori Framework Page) | < 7.40 | affected |
Weaknesses
- Cross Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2960329
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
References
- https://launchpad.support.sap.com/#/notes/2960329
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.