CVE-2020-6319

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Java
Vendor: CVE Published:; 15 October 2020

Summary

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.

Affected Version(s)

SAP NetWeaver Application Server Java < 7.10 < 7.10

SAP NetWeaver Application Server Java < 7.11 < 7.11

SAP NetWeaver Application Server Java < 7.20 < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2956398

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Jan 8, 2020