Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Business Planning and Consolidation by SAP SE

    CVE-2020-6368 (GCVE-0-2020-6368)

    Vulnerability from nvd – Published: 2020-10-15 01:54 – Updated: 2024-08-04 09:02
    VLAI
    Summary
    SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Business Planning and Consolidation Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Affected: < 755
    Affected: < 810
    Affected: < 100
    Affected: < 200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:02:40.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2960825"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Business Planning and Consolidation",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                },
                {
                  "status": "affected",
                  "version": "\u003c 755"
                },
                {
                  "status": "affected",
                  "version": "\u003c 810"
                },
                {
                  "status": "affected",
                  "version": "\u003c 100"
                },
                {
                  "status": "affected",
                  "version": "\u003c 200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-15T01:54:18.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2960825"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6368",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Business Planning and Consolidation",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "755"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "810"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "100"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2960825",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2960825"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6368",
        "datePublished": "2020-10-15T01:54:18.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:02:40.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6368 (GCVE-0-2020-6368)

    Vulnerability from cvelistv5 – Published: 2020-10-15 01:54 – Updated: 2024-08-04 09:02
    VLAI
    Summary
    SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Business Planning and Consolidation Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Affected: < 755
    Affected: < 810
    Affected: < 100
    Affected: < 200
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:02:40.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2960825"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Business Planning and Consolidation",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                },
                {
                  "status": "affected",
                  "version": "\u003c 755"
                },
                {
                  "status": "affected",
                  "version": "\u003c 810"
                },
                {
                  "status": "affected",
                  "version": "\u003c 100"
                },
                {
                  "status": "affected",
                  "version": "\u003c 200"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-15T01:54:18.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2960825"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6368",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Business Planning and Consolidation",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "755"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "810"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "100"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2960825",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2960825"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6368",
        "datePublished": "2020-10-15T01:54:18.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:02:40.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }