Reflected Cross-Site Scripting in SAP NetWeaver AS ABAP
CVE-2020-6229

6.1 MEDIUM

Summary

SAP NetWeaver AS ABAP contains a reflected Cross-Site Scripting vulnerability caused by inadequate encoding of user-controlled input in the Business Server Pages application (CRM_BSP_FRAME). An attacker could exploit it to execute arbitrary scripts in the context of the end user's browser, and could then potentially manipulate user sessions and gain unauthorized access to sensitive information. Organizations running affected versions are advised to implement necessary security measures and update to patched versions to mitigate the risk.

Affected Version(s)

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME) < 700

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME) < 701

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME) < 702

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
