CVE-2020-6324 Information

Description

SAP Netweaver AS ABAP(BSP Test Application sbspext_table) version-700701720730731740750751752753754755 allows an unauthenticated attacker to send polluted URL to the victim when the victim clicks on this URL the attacker can read modify the information available in the victim?s browser leading to Reflected Cross Site Scripting.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://launchpad.support.sap.com//notes/2948239 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1