Cross-Site Scripting Vulnerability in SAP NetWeaver by SAP
CVE-2020-6193

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver (knowledge Management Ice Service)
Vendor: CVE Published:; 12 February 2020

Summary

SAP NetWeaver's Knowledge Management ICE Service is susceptible to a reflected XSS vulnerability, allowing unauthenticated attackers to execute malicious scripts. This can lead to unauthorized information disclosure or manipulation, posing serious risks to web applications built on this platform. Administrators should apply the necessary security patches and implement robust web application security practices to mitigate the effects of this vulnerability.

Affected Version(s)

SAP NetWeaver (Knowledge Management ICE Service) = 7.30 = 7.30

SAP NetWeaver (Knowledge Management ICE Service) = 7.31 = 7.31

SAP NetWeaver (Knowledge Management ICE Service) = 7.40 = 7.40

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2873012

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 12, 2020
Vulnerability Reserved
Jan 8, 2020