{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP (BSP Test Application)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 700"}, {"status": "affected", "version": "< 701"}, {"status": "affected", "version": "< 702"}, {"status": "affected", "version": "< 730"}, {"status": "affected", "version": "< 731"}, {"status": "affected", "version": "< 740"}, {"status": "affected", "version": "< 750"}, {"status": "affected", "version": "< 751"}, {"status": "affected", "version": "< 752"}, {"status": "affected", "version": "< 753"}, {"status": "affected", "version": "< 754"}, {"status": "affected", "version": "< 755"}]}], "descriptions": [{"lang": "en", "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross Site Scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-09T13:10:53", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2948239"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6324", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP (BSP Test Application)", "version": {"version_data": [{"version_name": "<", "version_value": "700"}, {"version_name": "<", "version_value": "701"}, {"version_name": "<", "version_value": "702"}, {"version_name": "<", "version_value": "730"}, {"version_name": "<", "version_value": "731"}, {"version_name": "<", "version_value": "740"}, {"version_name": "<", "version_value": "750"}, {"version_name": "<", "version_value": "751"}, {"version_name": "<", "version_value": "752"}, {"version_name": "<", "version_value": "753"}, {"version_name": "<", "version_value": "754"}, {"version_name": "<", "version_value": "755"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."}]}, "impact": {"cvss": {"baseScore": "6.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"}, {"name": "https://launchpad.support.sap.com/#/notes/2948239", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2948239"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:55:22.441Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2948239"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6324", "datePublished": "2020-09-09T13:10:53", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T08:55:22.441Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:*", "matchCriteriaId": "C730F7F7-B228-4D3E-BC02-33EE5D695D69", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:*", "matchCriteriaId": "EE253C97-C802-476B-81FB-BA4FC15B433C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:*", "matchCriteriaId": "4DCD414F-0C97-4657-BF48-11DA3A83850E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:730:*:*:*:*:*:*:*", "matchCriteriaId": "EB7A2294-4A88-436E-A847-1D88DBB1877E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:*", "matchCriteriaId": "C167C76A-0F85-47F3-A90E-8DA4EA8C3B74", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:*", "matchCriteriaId": "FF90E047-B917-4C52-8A5B-99BFA094E90D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:*", "matchCriteriaId": "DAE99B15-44F0-47A1-AD2F-D92BCCA940F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:*", "matchCriteriaId": "C00F292E-E761-47AA-A82D-456CBA829BDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:*", "matchCriteriaId": "4662F413-B285-4310-AA7C-D8AD60E024DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:*", "matchCriteriaId": "76D5B33D-9FFE-4492-8879-5738CD963D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:*", "matchCriteriaId": "C2C50935-7C21-4248-A707-60E08FA860DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:755:*:*:*:*:*:*:*", "matchCriteriaId": "4032AD23-8EFE-4A7B-84C3-B658F8F639DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim\ufffds browser leading to Reflected Cross Site Scripting."}, {"lang": "es", "value": "SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versi\u00f3n-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una URL contaminada a la v\u00edctima, cuando la v\u00edctima hace clic en esta URL, el atacante puede leer, modificar la informaci\u00f3n disponible en el navegador de la v\u00edctima llevando a Reflected Cross Site Scripting"}], "id": "CVE-2020-6324", "lastModified": "2024-11-21T05:35:30.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-09T14:15:12.927", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2948239"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2948239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}