fkie_cve-2020-6205
Vulnerability from fkie_nvd
Published
2020-03-10 21:15
Modified
2024-11-21 05:35
Severity ?
Summary
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6E948A-59A4-460A-8369-68E9A94CA4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2AC049-E6B5-4954-875A-7E66F2CEFEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "1097BE81-D7C7-4288-82A8-F5FA0EB492E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A14A2CCD-4E29-42BF-94E8-6FBCF7265132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7F939D-7BC7-48DF-BBC7-867341F841CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "66D0CBF3-A0C0-4125-87D2-15DC05990986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AA4EAF-ED70-4FEC-85B5-C8229EB5F600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "0F822C6B-3047-4EB1-9A85-EE10EA592DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "689471D5-2189-48AF-ACE9-41DA4B642B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*",
"matchCriteriaId": "CD618C71-34FF-414C-86DC-C43C5EEF5D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4BD107-F102-4859-9439-955F4DACE96F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC0B6B2-BE6F-4745-ACE4-245B0685734F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "07A358CC-0FE7-4665-B595-169F784A5AC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability."
},
{
"lang": "es",
"value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), versiones de SAP_BASIS 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; no codifica suficientemente las entradas controladas por el usuario, permitiendo a un atacante no autenticado desfigurar de forma no permanente o modificar el contenido mostrado y/o robar informaci\u00f3n de autenticaci\u00f3n del usuario y/o suplantar al usuario y acceder a toda la informaci\u00f3n con los mismos derechos que el usuario objeto del ataque, conllevando a una Vulnerabilidad de tipo Cross Site Scripting Reflejado."
}
],
"id": "CVE-2020-6205",
"lastModified": "2024-11-21T05:35:17.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-10T21:15:14.620",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2884910"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2884910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…