Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6284

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.

Published

2020-08-12T14:15:13.860

Last Modified

2024-11-21T05:35:26.143

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.8

Impact Score

10.0

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_knowledge_management	7.30	Yes
Application	sap	netweaver_knowledge_management	7.31	Yes
Application	sap	netweaver_knowledge_management	7.40	Yes
Application	sap	netweaver_knowledge_management	7.50	Yes

References

https://launchpad.support.sap.com/#/notes/2928635 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/2928635 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)