CVE-2020-6368 Information

Description

SAP Business Planning and Consolidation versions - 750 751 752 753 754 755 810 100 200 can be abused by an attacker allowing them to modify displayed application content without authorization and to potentially obtain authentication information from other legitimate users leading to Cross Site Scripting.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://launchpad.support.sap.com//notes/2960825 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4