CVE-2020-6323

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Enterprise Portal (fiori Framework Page)
Vendor: CVE Published:; 15 October 2020

Summary

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

Affected Version(s)

SAP NetWeaver Enterprise Portal (Fiori Framework Page) < 7.50 < 7.50

SAP NetWeaver Enterprise Portal (Fiori Framework Page) < 7.31 < 7.31

SAP NetWeaver Enterprise Portal (Fiori Framework Page) < 7.40 < 7.40

References

https://launchpad.support.sap.com/#/notes/2960329

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Jan 8, 2020