Vulnerability Monitor

CVE-2020-26825


SAP Fiori Launchpad (News tile Application), versions 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to use the SAP Fiori Launchpad News tile Application to send malicious code to a different end user (victim), because the News tile does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser, and the victim can easily close the browser tab to terminate it.


Published

2020-11-13T15:15:12.470

Last Modified

2024-11-21T05:20:21.113

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

  • Type: Primary
    CWE-79

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | fiori_launchpad_\(news_tile_application\) | 750 | Yes |
| Application | sap | fiori_launchpad_\(news_tile_application\) | 751 | Yes |
| Application | sap | fiori_launchpad_\(news_tile_application\) | 752 | Yes |
| Application | sap | fiori_launchpad_\(news_tile_application\) | 753 | Yes |
| Application | sap | fiori_launchpad_\(news_tile_application\) | 754 | Yes |
| Application | sap | fiori_launchpad_\(news_tile_application\) | 755 | Yes |
