5.4
CVE-2020-6326
- EPSS 0.31%
- Veröffentlicht 09.09.2020 13:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:30
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginSAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Knowledge Management Version7.30
SAP ≫ Netweaver Knowledge Management Version7.31
SAP ≫ Netweaver Knowledge Management Version7.40
SAP ≫ Netweaver Knowledge Management Version7.50
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.539 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| cna@sap.com | 5.4 | 2.3 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.