Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for netweaver_as_abap_business_server_pages by sap

    CVE-2023-29185 (GCVE-0-2023-29185)

    Vulnerability from nvd – Published: 2023-04-11 03:08 – Updated: 2025-02-07 17:12
    VLAI
    Title
    Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)
    Summary
    SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver AS for ABAP (Business Server Pages) Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3303060"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29185",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T17:12:25.143854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T17:12:28.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver AS for ABAP (Business Server Pages)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:17:17.240Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3303060"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29185",
        "datePublished": "2023-04-11T03:08:03.125Z",
        "dateReserved": "2023-04-03T09:22:43.157Z",
        "dateUpdated": "2025-02-07T17:12:28.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24529 (GCVE-0-2023-24529)

    Vulnerability from nvd – Published: 2023-02-14 03:19 – Updated: 2025-03-20 20:21
    VLAI
    Summary
    Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver AS ABAP (Business Server Pages application) Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 75C
    Affected: 75D
    Affected: 75E
    Affected: 75F
    Affected: 75G
    Affected: 75H
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3282663"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24529",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-20T20:21:20.984968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:21:30.580Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver AS ABAP (Business Server Pages application)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "75C"
                },
                {
                  "status": "affected",
                  "version": "75D"
                },
                {
                  "status": "affected",
                  "version": "75E"
                },
                {
                  "status": "affected",
                  "version": "75F"
                },
                {
                  "status": "affected",
                  "version": "75G"
                },
                {
                  "status": "affected",
                  "version": "75H"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\u003c/p\u003e"
                }
              ],
              "value": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:24:44.858Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3282663"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-24529",
        "datePublished": "2023-02-14T03:19:22.690Z",
        "dateReserved": "2023-01-25T15:46:55.581Z",
        "dateUpdated": "2025-03-20T20:21:30.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24521 (GCVE-0-2023-24521)

    Vulnerability from nvd – Published: 2023-02-14 03:16 – Updated: 2025-03-21 14:03
    VLAI
    Summary
    Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver AS ABAP (BSP Framework) Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3269151"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T14:03:17.636753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T14:03:26.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver AS ABAP (BSP Framework)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.\u003c/p\u003e"
                }
              ],
              "value": "Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:23:43.830Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3269151"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-24521",
        "datePublished": "2023-02-14T03:16:44.948Z",
        "dateReserved": "2023-01-25T15:46:55.580Z",
        "dateUpdated": "2025-03-21T14:03:26.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6324 (GCVE-0-2020-6324)

    Vulnerability from nvd – Published: 2020-09-09 13:10 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (BSP Test Application) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Affected: < 755
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2948239"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (BSP Test Application)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                },
                {
                  "status": "affected",
                  "version": "\u003c 755"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-09T13:10:53.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2948239"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6324",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (BSP Test Application)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "755"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2948239",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2948239"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6324",
        "datePublished": "2020-09-09T13:10:53.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6246 (GCVE-0-2020-6246)

    Vulnerability from nvd – Published: 2020-06-10 12:34 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2878935"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-10T12:34:37.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2878935"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6246",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2878935",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2878935"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6246",
        "datePublished": "2020-06-10T12:34:37.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6213 (GCVE-0-2020-6213)

    Vulnerability from nvd – Published: 2020-04-24 22:17 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872752"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-24T22:17:15.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2872752"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2872752",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2872752"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6213",
        "datePublished": "2020-04-24T22:17:15.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6217 (GCVE-0-2020-6217)

    Vulnerability from nvd – Published: 2020-04-14 19:41 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-14T19:41:34.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2872545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2872545",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2872545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6217",
        "datePublished": "2020-04-14T19:41:34.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6215 (GCVE-0-2020-6215)

    Vulnerability from nvd – Published: 2020-04-14 00:00 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
    CWE
    • URL Redirection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872782"
              },
              {
                "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T16:06:17.300Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/2872782"
            },
            {
              "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
            },
            {
              "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6215",
        "datePublished": "2020-04-14T00:00:00.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6229 (GCVE-0-2020-6229)

    Vulnerability from nvd – Published: 2020-04-14 18:20 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 710
    Affected: < 711
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 75A
    Affected: < 75B
    Affected: < 75C
    Affected: < 75D
    Affected: < 75E
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2900374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 710"
                },
                {
                  "status": "affected",
                  "version": "\u003c 711"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75A"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75B"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75C"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75D"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75E"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-14T18:20:21.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2900374"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6229",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "711"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75A"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75B"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75C"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75D"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75E"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2900374",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2900374"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6229",
        "datePublished": "2020-04-14T18:20:21.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6205 (GCVE-0-2020-6205)

    Vulnerability from nvd – Published: 2020-03-10 20:20 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS Affected: < 7.00
    Affected: < 7.01
    Affected: < 7.02
    Affected: < 7.10
    Affected: < 7.11
    Affected: < 7.30
    Affected: < 7.31
    Affected: < 7.40
    Affected: < 7.50
    Affected: < 7.51
    Affected: < 7.52
    Affected: < 7.53
    Affected: < 7.54
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:21.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2884910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.00"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.10"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.11"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.30"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.40"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.50"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.51"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.52"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.54"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T20:20:21.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2884910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6205",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.00"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.10"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.11"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.50"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.51"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.52"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.54"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2884910",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2884910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6205",
        "datePublished": "2020-03-10T20:20:21.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:21.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29185 (GCVE-0-2023-29185)

    Vulnerability from cvelistv5 – Published: 2023-04-11 03:08 – Updated: 2025-02-07 17:12
    VLAI
    Title
    Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)
    Summary
    SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver AS for ABAP (Business Server Pages) Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3303060"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29185",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T17:12:25.143854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T17:12:28.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver AS for ABAP (Business Server Pages)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server\u0027s resources sufficiently to make it unavailable over the network without any user interaction.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:17:17.240Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3303060"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29185",
        "datePublished": "2023-04-11T03:08:03.125Z",
        "dateReserved": "2023-04-03T09:22:43.157Z",
        "dateUpdated": "2025-02-07T17:12:28.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24529 (GCVE-0-2023-24529)

    Vulnerability from cvelistv5 – Published: 2023-02-14 03:19 – Updated: 2025-03-20 20:21
    VLAI
    Summary
    Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver AS ABAP (Business Server Pages application) Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 75C
    Affected: 75D
    Affected: 75E
    Affected: 75F
    Affected: 75G
    Affected: 75H
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3282663"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24529",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-20T20:21:20.984968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:21:30.580Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver AS ABAP (Business Server Pages application)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "75C"
                },
                {
                  "status": "affected",
                  "version": "75D"
                },
                {
                  "status": "affected",
                  "version": "75E"
                },
                {
                  "status": "affected",
                  "version": "75F"
                },
                {
                  "status": "affected",
                  "version": "75G"
                },
                {
                  "status": "affected",
                  "version": "75H"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\u003c/p\u003e"
                }
              ],
              "value": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:24:44.858Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3282663"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-24529",
        "datePublished": "2023-02-14T03:19:22.690Z",
        "dateReserved": "2023-01-25T15:46:55.581Z",
        "dateUpdated": "2025-03-20T20:21:30.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24521 (GCVE-0-2023-24521)

    Vulnerability from cvelistv5 – Published: 2023-02-14 03:16 – Updated: 2025-03-21 14:03
    VLAI
    Summary
    Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver AS ABAP (BSP Framework) Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3269151"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T14:03:17.636753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T14:03:26.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver AS ABAP (BSP Framework)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.\u003c/p\u003e"
                }
              ],
              "value": "Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:23:43.830Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3269151"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-24521",
        "datePublished": "2023-02-14T03:16:44.948Z",
        "dateReserved": "2023-01-25T15:46:55.580Z",
        "dateUpdated": "2025-03-21T14:03:26.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6324 (GCVE-0-2020-6324)

    Vulnerability from cvelistv5 – Published: 2020-09-09 13:10 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (BSP Test Application) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Affected: < 755
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2948239"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (BSP Test Application)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                },
                {
                  "status": "affected",
                  "version": "\u003c 755"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-09T13:10:53.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2948239"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6324",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (BSP Test Application)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "755"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2948239",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2948239"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6324",
        "datePublished": "2020-09-09T13:10:53.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6246 (GCVE-0-2020-6246)

    Vulnerability from cvelistv5 – Published: 2020-06-10 12:34 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2878935"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-10T12:34:37.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2878935"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6246",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2878935",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2878935"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6246",
        "datePublished": "2020-06-10T12:34:37.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6213 (GCVE-0-2020-6213)

    Vulnerability from cvelistv5 – Published: 2020-04-24 22:17 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872752"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-24T22:17:15.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2872752"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2872752",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2872752"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6213",
        "datePublished": "2020-04-24T22:17:15.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6217 (GCVE-0-2020-6217)

    Vulnerability from cvelistv5 – Published: 2020-04-14 19:41 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-14T19:41:34.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2872545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "754"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2872545",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2872545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6217",
        "datePublished": "2020-04-14T19:41:34.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6229 (GCVE-0-2020-6229)

    Vulnerability from cvelistv5 – Published: 2020-04-14 18:20 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 710
    Affected: < 711
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 75A
    Affected: < 75B
    Affected: < 75C
    Affected: < 75D
    Affected: < 75E
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2900374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 710"
                },
                {
                  "status": "affected",
                  "version": "\u003c 711"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75A"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75B"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75C"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75D"
                },
                {
                  "status": "affected",
                  "version": "\u003c 75E"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-14T18:20:21.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2900374"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6229",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "701"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "702"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "711"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "740"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75A"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75B"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75C"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75D"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "75E"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2900374",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2900374"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6229",
        "datePublished": "2020-04-14T18:20:21.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6215 (GCVE-0-2020-6215)

    Vulnerability from cvelistv5 – Published: 2020-04-14 00:00 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
    CWE
    • URL Redirection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) Affected: < 700
    Affected: < 701
    Affected: < 702
    Affected: < 730
    Affected: < 731
    Affected: < 740
    Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Affected: < 754
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2872782"
              },
              {
                "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 701"
                },
                {
                  "status": "affected",
                  "version": "\u003c 702"
                },
                {
                  "status": "affected",
                  "version": "\u003c 730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 740"
                },
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                },
                {
                  "status": "affected",
                  "version": "\u003c 754"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T16:06:17.300Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/2872782"
            },
            {
              "name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Oct/13"
            },
            {
              "url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6215",
        "datePublished": "2020-04-14T00:00:00.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6205 (GCVE-0-2020-6205)

    Vulnerability from cvelistv5 – Published: 2020-03-10 20:20 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
    CWE
    • Cross Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS Affected: < 7.00
    Affected: < 7.01
    Affected: < 7.02
    Affected: < 7.10
    Affected: < 7.11
    Affected: < 7.30
    Affected: < 7.31
    Affected: < 7.40
    Affected: < 7.50
    Affected: < 7.51
    Affected: < 7.52
    Affected: < 7.53
    Affected: < 7.54
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:21.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2884910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.00"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.10"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.11"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.30"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.40"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.50"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.51"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.52"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.54"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T20:20:21.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2884910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6205",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.00"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.10"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.11"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.50"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.51"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.52"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.54"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2884910",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2884910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6205",
        "datePublished": "2020-03-10T20:20:21.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:21.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }