CVE-2020-6368: XSS
First published: Thu Oct 15 2020(Updated: )
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Business Planning and Consolidation | =100 | |
| SAP Business Planning and Consolidation | =200 | |
| SAP Business Planning and Consolidation | =750 | |
| SAP Business Planning and Consolidation | =751 | |
| SAP Business Planning and Consolidation | =752 | |
| SAP Business Planning and Consolidation | =753 | |
| SAP Business Planning and Consolidation | =754 | |
| SAP Business Planning and Consolidation | =755 | |
| SAP Business Planning and Consolidation | =810 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6368?
CVE-2020-6368 has a critical severity level as it allows unauthorized content modification and potential access to authentication information.
How do I fix CVE-2020-6368?
To fix CVE-2020-6368, apply the latest security patches provided by SAP for the affected versions of Business Planning and Consolidation.
Which versions of SAP Business Planning and Consolidation are affected by CVE-2020-6368?
CVE-2020-6368 affects versions 750, 751, 752, 753, 754, 755, 810, 100, and 200 of SAP Business Planning and Consolidation.
What kind of attacks can CVE-2020-6368 facilitate?
CVE-2020-6368 can facilitate attacks that permit the alteration of displayed content and may expose authentication credentials of legitimate users.
Is there a workaround for CVE-2020-6368 if I cannot immediately apply patches?
Currently, official workarounds for CVE-2020-6368 have not been provided, and it is recommended to apply patches as soon as possible.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap business planning and consolidation
- version/sap business planning and consolidation/100
- version/sap business planning and consolidation/200
- version/sap business planning and consolidation/750
- version/sap business planning and consolidation/751
- version/sap business planning and consolidation/752
- version/sap business planning and consolidation/753
- version/sap business planning and consolidation/754
- version/sap business planning and consolidation/755
- version/sap business planning and consolidation/810