Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server Java
CVE-2020-6319
Key Information:
- Vendor
- SAP
- Vendor
- CVE Published:
- 15 October 2020
Summary
The SAP NetWeaver Application Server Java is susceptible to a reflected cross-site scripting vulnerability, enabling unauthenticated attackers to inject unauthorized JavaScript code into web pages and URLs. This exploitation allows an attacker to retrieve sensitive authentication data from users, including session details, which can compromise the confidentiality and integrity of the application. Different symbols that are typically restricted can be utilized in this attack, increasing its potential impact and making it essential for users and administrators to secure their systems against such risks.
Affected Version(s)
SAP NetWeaver Application Server Java < 7.10 < 7.10
SAP NetWeaver Application Server Java < 7.11 < 7.11
SAP NetWeaver Application Server Java < 7.20 < 7.20
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved