CVE-2020-6260 Information

Description

SAP Solution Manager (Trace Analysis) version 7.20 allows an attacker to inject superflous data that can be displayed by the application due to Incomplete XML Validation. The application shows additional data that do not actually exist.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://launchpad.support.sap.com//notes/2915126 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3