Description
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2960825
Scores
CVSS v3
5.4
EPSS
0.0038
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (9)
sap/business_planning_and_consolidation
100
sap/business_planning_and_consolidation
200
sap/business_planning_and_consolidation
750
sap/business_planning_and_consolidation
751
sap/business_planning_and_consolidation
752
sap/business_planning_and_consolidation
753
sap/business_planning_and_consolidation
754
sap/business_planning_and_consolidation
755
sap/business_planning_and_consolidation
810
Published
Oct 15, 2020
Tracked Since
Feb 18, 2026