Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server Java
CVE-2020-6319

6.1MEDIUM

Key Information:

Vendor
SAP
Vendor
CVE Published:
15 October 2020

Summary

The SAP NetWeaver Application Server Java is susceptible to a reflected cross-site scripting vulnerability, enabling unauthenticated attackers to inject unauthorized JavaScript code into web pages and URLs. This exploitation allows an attacker to retrieve sensitive authentication data from users, including session details, which can compromise the confidentiality and integrity of the application. Different symbols that are typically restricted can be utilized in this attack, increasing its potential impact and making it essential for users and administrators to secure their systems against such risks.

Affected Version(s)

SAP NetWeaver Application Server Java < 7.10 < 7.10

SAP NetWeaver Application Server Java < 7.11 < 7.11

SAP NetWeaver Application Server Java < 7.20 < 7.20

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.