What is the severity of CVE-2020-6283?

CVE-2020-6283 is rated as a medium severity vulnerability due to the potential for reflected Cross-Site Scripting (XSS) attacks.

How do I fix CVE-2020-6283?

To remediate CVE-2020-6283, ensure that user-controlled inputs are properly encoded and updated to the latest version of SAP Fiori Launchpad.

What versions of SAP Fiori Launchpad are affected by CVE-2020-6283?

CVE-2020-6283 affects versions 750, 752, 753, 754, and 755 of SAP Fiori Launchpad.

What is the impact of CVE-2020-6283?

The impact of CVE-2020-6283 could allow an attacker to perform XSS attacks, potentially leading to the theft of sensitive user information.

Is CVE-2020-6283 related to injection attacks?

Yes, CVE-2020-6283 involves an injection vulnerability allowing attackers to inject malicious meta tags into the HTML of the SAP Fiori Launchpad.

Vulnerability/
CVE-2020-6283

medium

6.1

CWE

9/9/2020

4/8/2024

CVE-2020-6283: XSS

First published: Wed Sep 09 2020(Updated: )

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP Fiori Launchpad	=750
SAP Fiori Launchpad	=752
SAP Fiori Launchpad	=753
SAP Fiori Launchpad	=754
SAP Fiori Launchpad	=755

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-6283?
CVE-2020-6283 is rated as a medium severity vulnerability due to the potential for reflected Cross-Site Scripting (XSS) attacks.
How do I fix CVE-2020-6283?
To remediate CVE-2020-6283, ensure that user-controlled inputs are properly encoded and updated to the latest version of SAP Fiori Launchpad.
What versions of SAP Fiori Launchpad are affected by CVE-2020-6283?
CVE-2020-6283 affects versions 750, 752, 753, 754, and 755 of SAP Fiori Launchpad.
What is the impact of CVE-2020-6283?
The impact of CVE-2020-6283 could allow an attacker to perform XSS attacks, potentially leading to the theft of sensitive user information.
Is CVE-2020-6283 related to injection attacks?
Yes, CVE-2020-6283 involves an injection vulnerability allowing attackers to inject malicious meta tags into the HTML of the SAP Fiori Launchpad.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/tags
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
vendor/sap
canonical/sap fiori launchpad
version/sap fiori launchpad/750
version/sap fiori launchpad/752
version/sap fiori launchpad/753
version/sap fiori launchpad/754
version/sap fiori launchpad/755

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.