CVE-2020-6367
CVE-2020-6367 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. It is a reflected cross-site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions 7.20, 7.30, 7.31, 7.40 and 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user into clicking a malicious link. EPSS estimates a 0.82% chance of exploitation in the next 30 days.
Description
There is a reflected cross-site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions 7.20, 7.30, 7.31, 7.40 and 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user into clicking a malicious link. The end user's browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Composite Application Framework | 7.20 |
| SAP | NetWeaver Composite Application Framework | 7.30 |
| SAP | NetWeaver Composite Application Framework | 7.31 |
| SAP | NetWeaver Composite Application Framework | 7.40 |
| SAP | NetWeaver Composite Application Framework | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/2972661 (Permissions Required, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
