CVE-2020-6205: XSS
First published: Tue Mar 10 2020(Updated: )
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS ABAP Business Server Pages | =7.00 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.01 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.02 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.10 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.11 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.30 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.31 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.40 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.50 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.51 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.52 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.53 | |
| SAP NetWeaver AS ABAP Business Server Pages | =7.54 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6205?
The severity of CVE-2020-6205 is medium with a CVSS score of 6.1.
Which versions of SAP NetWeaver AS ABAP Business Server Pages are affected by CVE-2020-6205?
SAP NetWeaver AS ABAP Business Server Pages versions 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, and 7.54 are affected by CVE-2020-6205.
What does CVE-2020-6205 allow an attacker to do?
CVE-2020-6205 allows an unauthenticated attacker to non-permanently deface or modify displayed content.
How can I fix CVE-2020-6205?
Apply the security patch provided by SAP to fix CVE-2020-6205.
Where can I find more information about CVE-2020-6205?
You can find more information about CVE-2020-6205 on the SAP Support Portal and the SAP Community Network.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver as abap business server pages
- version/sap netweaver as abap business server pages/7.00
- version/sap netweaver as abap business server pages/7.01
- version/sap netweaver as abap business server pages/7.02
- version/sap netweaver as abap business server pages/7.10
- version/sap netweaver as abap business server pages/7.11
- version/sap netweaver as abap business server pages/7.30
- version/sap netweaver as abap business server pages/7.31
- version/sap netweaver as abap business server pages/7.40
- version/sap netweaver as abap business server pages/7.50
- version/sap netweaver as abap business server pages/7.51
- version/sap netweaver as abap business server pages/7.52
- version/sap netweaver as abap business server pages/7.53
- version/sap netweaver as abap business server pages/7.54