5.4
CVE-2020-6368
- EPSS 0.38%
- Published 15.10.2020 02:15:12
- Last modified 21.11.2024 05:35:35
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Business Planning And Consolidation Version100
SAP ≫ Business Planning And Consolidation Version200
SAP ≫ Business Planning And Consolidation Version750
SAP ≫ Business Planning And Consolidation Version751
SAP ≫ Business Planning And Consolidation Version752
SAP ≫ Business Planning And Consolidation Version753
SAP ≫ Business Planning And Consolidation Version754
SAP ≫ Business Planning And Consolidation Version755
SAP ≫ Business Planning And Consolidation Version810
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.567 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| cna@sap.com | 5.4 | 2.3 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.