CVE-2020-6368

Summary

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Planning and Consolidation< 750affected
SAP SESAP Business Planning and Consolidation< 751affected
SAP SESAP Business Planning and Consolidation< 752affected
SAP SESAP Business Planning and Consolidation< 753affected
SAP SESAP Business Planning and Consolidation< 754affected
SAP SESAP Business Planning and Consolidation< 755affected
SAP SESAP Business Planning and Consolidation< 810affected
SAP SESAP Business Planning and Consolidation< 100affected
SAP SESAP Business Planning and Consolidation< 200affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References