CVE-2020-6324
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
09/09/2020
Last modified:
07/11/2023
Description
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:730:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:755:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page