CVE-2020-6206: CSRF
First published: Tue Mar 10 2020(Updated: )
SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Cloud Platform Integration | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6206?
The severity of CVE-2020-6206 is classified as medium due to its potential for Cross Site Request Forgery attacks.
How do I fix CVE-2020-6206?
To fix CVE-2020-6206, ensure you apply the latest patches provided by SAP for the Cloud Platform Integration for Data Services.
Who is affected by CVE-2020-6206?
CVE-2020-6206 affects all users of SAP Cloud Platform Integration for Data Services version 1.0.
What kind of attack is associated with CVE-2020-6206?
CVE-2020-6206 is associated with Cross Site Request Forgery, which can mislead users to follow malicious instructions.
What are the potential impacts of CVE-2020-6206?
The potential impacts of CVE-2020-6206 include unauthorized actions being taken on behalf of the user due to misleading error messages.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap cloud platform integration
- version/sap cloud platform integration/1.0