What is the severity of CVE-2020-26825?

CVE-2020-26825 is considered a medium severity vulnerability due to its potential for unauthorized code execution in SAP Fiori Launchpad.

How do I fix CVE-2020-26825?

To fix CVE-2020-26825, you should apply the latest security patches released by SAP for the affected versions of the Fiori Launchpad.

Who is affected by CVE-2020-26825?

CVE-2020-26825 affects users of SAP Fiori Launchpad versions 750 to 755 who utilize the News tile Application.

What impact does CVE-2020-26825 have?

The impact of CVE-2020-26825 allows attackers to send malicious code to end users through the News tile Application.

What is the nature of the vulnerability in CVE-2020-26825?

CVE-2020-26825 is caused by insufficient encoding of user-controlled inputs in the SAP Fiori Launchpad's News tile Application.

Vulnerability/
CVE-2020-26825

medium

6.1

CWE

13/11/2020

4/8/2024

CVE-2020-26825: XSS

First published: Fri Nov 13 2020(Updated: )

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP Fiori Launchpad	=750
SAP Fiori Launchpad	=751
SAP Fiori Launchpad	=752
SAP Fiori Launchpad	=753
SAP Fiori Launchpad	=754
SAP Fiori Launchpad	=755

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-26825?
CVE-2020-26825 is considered a medium severity vulnerability due to its potential for unauthorized code execution in SAP Fiori Launchpad.
How do I fix CVE-2020-26825?
To fix CVE-2020-26825, you should apply the latest security patches released by SAP for the affected versions of the Fiori Launchpad.
Who is affected by CVE-2020-26825?
CVE-2020-26825 affects users of SAP Fiori Launchpad versions 750 to 755 who utilize the News tile Application.
What impact does CVE-2020-26825 have?
The impact of CVE-2020-26825 allows attackers to send malicious code to end users through the News tile Application.
What is the nature of the vulnerability in CVE-2020-26825?
CVE-2020-26825 is caused by insufficient encoding of user-controlled inputs in the SAP Fiori Launchpad's News tile Application.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/first-publish-date
agent/event
agent/description
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap fiori launchpad
version/sap fiori launchpad/750
version/sap fiori launchpad/751
version/sap fiori launchpad/752
version/sap fiori launchpad/753
version/sap fiori launchpad/754
version/sap fiori launchpad/755

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.