Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server Java
CVE-2020-6319

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Java
Vendor: CVE Published:; 15 October 2020

Summary

The SAP NetWeaver Application Server Java is susceptible to a reflected cross-site scripting vulnerability, enabling unauthenticated attackers to inject unauthorized JavaScript code into web pages and URLs. This exploitation allows an attacker to retrieve sensitive authentication data from users, including session details, which can compromise the confidentiality and integrity of the application. Different symbols that are typically restricted can be utilized in this attack, increasing its potential impact and making it essential for users and administrators to secure their systems against such risks.

Affected Version(s)

SAP NetWeaver Application Server Java < 7.10 < 7.10

SAP NetWeaver Application Server Java < 7.11 < 7.11

SAP NetWeaver Application Server Java < 7.20 < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2956398

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Jan 8, 2020