SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.
2020-03-10T21:15:14.620
2024-11-21T05:35:17.763
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | netweaver_as_abap_business_server_pages | 7.00 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.01 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.02 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.10 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.11 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.30 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.31 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.40 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.50 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.51 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.52 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.53 | Yes |
| Application | sap | netweaver_as_abap_business_server_pages | 7.54 | Yes |