CVE-2020-6213: XSS
First published: Fri Apr 24 2020(Updated: )
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS ABAP Business Server Pages | =700 | |
| SAP NetWeaver AS ABAP Business Server Pages | =701 | |
| SAP NetWeaver AS ABAP Business Server Pages | =702 | |
| SAP NetWeaver AS ABAP Business Server Pages | =730 | |
| SAP NetWeaver AS ABAP Business Server Pages | =731 | |
| SAP NetWeaver AS ABAP Business Server Pages | =740 | |
| SAP NetWeaver AS ABAP Business Server Pages | =750 | |
| SAP NetWeaver AS ABAP Business Server Pages | =751 | |
| SAP NetWeaver AS ABAP Business Server Pages | =752 | |
| SAP NetWeaver AS ABAP Business Server Pages | =753 | |
| SAP NetWeaver AS ABAP Business Server Pages | =754 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2020-6213.
What is the severity of CVE-2020-6213?
The severity of CVE-2020-6213 is medium.
Which versions of SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB are affected?
Versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, and 754 are affected.
What is the vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB?
The vulnerability is reflected Cross-Site Scripting (XSS) via different URL parameters.
How can I fix CVE-2020-6213 in SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB?
To fix CVE-2020-6213, apply the necessary patches or updates provided by SAP.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver as abap business server pages
- version/sap netweaver as abap business server pages/700
- version/sap netweaver as abap business server pages/701
- version/sap netweaver as abap business server pages/702
- version/sap netweaver as abap business server pages/730
- version/sap netweaver as abap business server pages/731
- version/sap netweaver as abap business server pages/740
- version/sap netweaver as abap business server pages/750
- version/sap netweaver as abap business server pages/751
- version/sap netweaver as abap business server pages/752
- version/sap netweaver as abap business server pages/753
- version/sap netweaver as abap business server pages/754