CVE-2020-6217: XSS
First published: Tue Apr 14 2020(Updated: )
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS ABAP Business Server Pages | =700 | |
| SAP NetWeaver AS ABAP Business Server Pages | =701 | |
| SAP NetWeaver AS ABAP Business Server Pages | =702 | |
| SAP NetWeaver AS ABAP Business Server Pages | =730 | |
| SAP NetWeaver AS ABAP Business Server Pages | =731 | |
| SAP NetWeaver AS ABAP Business Server Pages | =740 | |
| SAP NetWeaver AS ABAP Business Server Pages | =750 | |
| SAP NetWeaver AS ABAP Business Server Pages | =751 | |
| SAP NetWeaver AS ABAP Business Server Pages | =752 | |
| SAP NetWeaver AS ABAP Business Server Pages | =753 | |
| SAP NetWeaver AS ABAP Business Server Pages | =754 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is SAP NetWeaver AS ABAP Business Server Pages Test Application IT00?
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 is a software component of SAP NetWeaver AS ABAP that provides a testing environment for Business Server Pages applications.
What versions of SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 are affected?
Versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, and 754 of SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 are affected.
What is the severity of CVE-2020-6217?
CVE-2020-6217 has a severity value of 6.1, which is considered medium.
What is the CWE classification of CVE-2020-6217?
CVE-2020-6217 is classified under CWE-79, which is Cross-Site Scripting (XSS).
How do I fix the reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application IT00?
To fix the reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, apply the necessary patches provided by SAP and follow their recommended mitigation steps.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/sap
- canonical/sap netweaver as abap business server pages
- version/sap netweaver as abap business server pages/700
- version/sap netweaver as abap business server pages/701
- version/sap netweaver as abap business server pages/702
- version/sap netweaver as abap business server pages/730
- version/sap netweaver as abap business server pages/731
- version/sap netweaver as abap business server pages/740
- version/sap netweaver as abap business server pages/750
- version/sap netweaver as abap business server pages/751
- version/sap netweaver as abap business server pages/752
- version/sap netweaver as abap business server pages/753
- version/sap netweaver as abap business server pages/754