CVE-2020-6324

MEDIUM

SAP Netweaver AS ABAP(BSP Test Application sbspext_table) -700-755 ...

Title source: llm

Description

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2948239

Scores

CVSS v3 6.1

EPSS 0.0090

EPSS Percentile 76.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (12)

sap/netweaver_as_abap_business_server_pages 700

sap/netweaver_as_abap_business_server_pages 701

sap/netweaver_as_abap_business_server_pages 702

sap/netweaver_as_abap_business_server_pages 730

sap/netweaver_as_abap_business_server_pages 731

sap/netweaver_as_abap_business_server_pages 740

sap/netweaver_as_abap_business_server_pages 750

sap/netweaver_as_abap_business_server_pages 751

sap/netweaver_as_abap_business_server_pages 752

sap/netweaver_as_abap_business_server_pages 753

... and 2 more

Published Sep 09, 2020

Tracked Since Feb 18, 2026