Vulnerability Details CVE-2020-6205
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-6205
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.10
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.11
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.30
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.53
-
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.54