CVE-2020-6324: XSS
First published: Wed Sep 09 2020(Updated: )
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS for ABAP | =700 | |
| SAP NetWeaver AS for ABAP | =701 | |
| SAP NetWeaver AS for ABAP | =702 | |
| SAP NetWeaver AS for ABAP | =730 | |
| SAP NetWeaver AS for ABAP | =731 | |
| SAP NetWeaver AS for ABAP | =740 | |
| SAP NetWeaver AS for ABAP | =750 | |
| SAP NetWeaver AS for ABAP | =751 | |
| SAP NetWeaver AS for ABAP | =752 | |
| SAP NetWeaver AS for ABAP | =753 | |
| SAP NetWeaver AS for ABAP | =754 | |
| SAP NetWeaver AS for ABAP | =755 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6324?
The severity of CVE-2020-6324 is medium with a CVSS score of 6.1.
How does CVE-2020-6324 vulnerability affect SAP NetWeaver AS ABAP(BSP Test Application sbspext_table)?
CVE-2020-6324 vulnerability allows an unauthenticated attacker to send a polluted URL to the victim, enabling them to read and modify information in the victim's browser.
Which versions of SAP NetWeaver AS ABAP(BSP Test Application sbspext_table) are affected by CVE-2020-6324?
CVE-2020-6324 affects the following versions of SAP NetWeaver AS ABAP(BSP Test Application sbspext_table): 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755.
How can I fix CVE-2020-6324?
To fix CVE-2020-6324, apply the necessary patches provided by SAP as mentioned in the official SAP notes and documentation.
Where can I find more information about CVE-2020-6324?
You can find more information about CVE-2020-6324 in the official SAP notes: [Support Portal](https://launchpad.support.sap.com/#/notes/2948239) and [SCN Wiki](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700).
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as for abap
- version/sap netweaver as for abap/700
- version/sap netweaver as for abap/701
- version/sap netweaver as for abap/702
- version/sap netweaver as for abap/730
- version/sap netweaver as for abap/731
- version/sap netweaver as for abap/740
- version/sap netweaver as for abap/750
- version/sap netweaver as for abap/751
- version/sap netweaver as for abap/752
- version/sap netweaver as for abap/753
- version/sap netweaver as for abap/754
- version/sap netweaver as for abap/755