{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 700"}, {"status": "affected", "version": "< 701"}, {"status": "affected", "version": "< 702"}, {"status": "affected", "version": "< 730"}, {"status": "affected", "version": "< 731"}, {"status": "affected", "version": "< 740"}, {"status": "affected", "version": "< 750"}, {"status": "affected", "version": "< 751"}, {"status": "affected", "version": "< 752"}, {"status": "affected", "version": "< 753"}, {"status": "affected", "version": "< 754"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross Site Scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-14T19:41:34", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2872545"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)", "version": {"version_data": [{"version_name": "<", "version_value": "700"}, {"version_name": "<", "version_value": "701"}, {"version_name": "<", "version_value": "702"}, {"version_name": "<", "version_value": "730"}, {"version_name": "<", "version_value": "731"}, {"version_name": "<", "version_value": "740"}, {"version_name": "<", "version_value": "750"}, {"version_name": "<", "version_value": "751"}, {"version_name": "<", "version_value": "752"}, {"version_name": "<", "version_value": "753"}, {"version_name": "<", "version_value": "754"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."}]}, "impact": {"cvss": {"baseScore": "6.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}, {"name": "https://launchpad.support.sap.com/#/notes/2872545", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2872545"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:55:22.141Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2872545"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6217", "datePublished": "2020-04-14T19:41:34", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T08:55:22.141Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:*", "matchCriteriaId": "C730F7F7-B228-4D3E-BC02-33EE5D695D69", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:*", "matchCriteriaId": "EE253C97-C802-476B-81FB-BA4FC15B433C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:*", "matchCriteriaId": "4DCD414F-0C97-4657-BF48-11DA3A83850E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:730:*:*:*:*:*:*:*", "matchCriteriaId": "EB7A2294-4A88-436E-A847-1D88DBB1877E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:*", "matchCriteriaId": "C167C76A-0F85-47F3-A90E-8DA4EA8C3B74", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:*", "matchCriteriaId": "FF90E047-B917-4C52-8A5B-99BFA094E90D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:*", "matchCriteriaId": "DAE99B15-44F0-47A1-AD2F-D92BCCA940F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:*", "matchCriteriaId": "C00F292E-E761-47AA-A82D-456CBA829BDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:*", "matchCriteriaId": "4662F413-B285-4310-AA7C-D8AD60E024DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:*", "matchCriteriaId": "76D5B33D-9FFE-4492-8879-5738CD963D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:*", "matchCriteriaId": "C2C50935-7C21-4248-A707-60E08FA860DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."}, {"lang": "es", "value": "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada."}], "id": "CVE-2020-6217", "lastModified": "2022-10-06T18:08:19.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T20:15:15.340", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2872545"}, {"source": "cna@sap.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}