CVE-2020-6185: XSS
First published: Wed Feb 12 2020(Updated: )
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | =7.40 | |
| Sap S\/4hana | =7.50 | |
| Sap S\/4hana | =7.51 | |
| Sap S\/4hana | =7.52 | |
| Sap S\/4hana | =7.53 | |
| Sap S\/4hana | =7.54 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6185?
CVE-2020-6185 is a Stored Cross Site Scripting vulnerability affecting ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54).
How does CVE-2020-6185 affect SAP NetWeaver?
CVE-2020-6185 affects SAP NetWeaver version 7.40 and allows an authenticated attacker to store a malicious payload, resulting in a Stored Cross Site Scripting vulnerability.
How does CVE-2020-6185 affect SAP S/4HANA?
CVE-2020-6185 affects SAP S/4HANA versions 7.50, 7.51, 7.52, 7.53, 7.54 and allows an authenticated attacker to store a malicious payload, resulting in a Stored Cross Site Scripting vulnerability.
What is the severity of CVE-2020-6185?
The severity of CVE-2020-6185 is medium with a CVSS score of 5.4.
How can I fix CVE-2020-6185?
To fix CVE-2020-6185, update SAP NetWeaver and SAP S/4HANA to the patched versions listed in the provided SAP notes.
- collector/nvd-index
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/7.40
- canonical/sap s\/4hana
- version/sap s\/4hana/7.50
- version/sap s\/4hana/7.51
- version/sap s\/4hana/7.52
- version/sap s\/4hana/7.53
- version/sap s\/4hana/7.54