CVE-2020-6217

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
References
Link Resource
https://launchpad.support.sap.com/#/notes/2872545 Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 Broken Link Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:*

Information

Published : 2020-04-14 13:15

Updated : 2022-10-06 11:08


NVD link : CVE-2020-6217

Mitre link : CVE-2020-6217


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

sap

  • netweaver_as_abap_business_server_pages