CVE-2020-6217

MEDIUM

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 -...

Title source: llm
STIX 2.1

Description

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

References (2)

Core 2
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2872545

Scores

CVSS v3 6.1
EPSS 0.0037
EPSS Percentile 58.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (11)
sap/netweaver_as_abap_business_server_pages 700
sap/netweaver_as_abap_business_server_pages 701
sap/netweaver_as_abap_business_server_pages 702
sap/netweaver_as_abap_business_server_pages 730
sap/netweaver_as_abap_business_server_pages 731
sap/netweaver_as_abap_business_server_pages 740
sap/netweaver_as_abap_business_server_pages 750
sap/netweaver_as_abap_business_server_pages 751
sap/netweaver_as_abap_business_server_pages 752
sap/netweaver_as_abap_business_server_pages 753
... and 1 more
Published Apr 14, 2020
Tracked Since Feb 18, 2026