CVE-2020-6368
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Business Planning and Consolidation | < 750 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 751 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 752 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 753 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 754 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 755 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 810 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 100 | affected |
| SAP SE | SAP Business Planning and Consolidation | < 200 | affected |
Weaknesses
- Cross Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
- https://launchpad.support.sap.com/#/notes/2960825
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
- https://launchpad.support.sap.com/#/notes/2960825
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.