Cross-Site Scripting Vulnerability in SAP NetWeaver by SAP
CVE-2020-6193

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver (knowledge Management Ice Service)
Vendor: CVE Published:; 12 February 2020

What is CVE-2020-6193?

SAP NetWeaver's Knowledge Management ICE Service is susceptible to a reflected XSS vulnerability, allowing unauthenticated attackers to execute malicious scripts. This can lead to unauthorized information disclosure or manipulation, posing serious risks to web applications built on this platform. Administrators should apply the necessary security patches and implement robust web application security practices to mitigate the effects of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver (Knowledge Management ICE Service) = 7.30 = 7.30

SAP NetWeaver (Knowledge Management ICE Service) = 7.31 = 7.31

SAP NetWeaver (Knowledge Management ICE Service) = 7.40 = 7.40

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2873012

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 12, 2020
Vulnerability Reserved
Jan 8, 2020

JSON

SAP