CVE-2020-6367
MEDIUMSAP NetWeaver Composite Application Framework -7.50-7.31 - XSS
Title source: llmDescription
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2972661
Scores
CVSS v3
6.1
EPSS
0.0125
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
sap/netweaver_composite_application_framework
7.20
sap/netweaver_composite_application_framework
7.30
sap/netweaver_composite_application_framework
7.31
sap/netweaver_composite_application_framework
7.40
sap/netweaver_composite_application_framework
7.50
Published
Oct 20, 2020
Tracked Since
Feb 18, 2026