Skip links
RedRays
Published in: sap note

CVE-2020-6303 Improper input validation in SAP Disclosure Management, SAP security note 2772325

Author
Published on:

Description

SAP Disclosure Management 10.1 does not validate user input properly in specific use cases.

Some well known impacts of improper input validation can be:

  • Reflected Cross Site Scripting
  • Stored Cross Site Scripting

Available fix and Supported packages

  • DISCMGMS | 1001 | 1001
  • DM SERVER – APPL SERVER 10.1 | SP015 | 000000

Affected component

    EPM-DSM-GEN
    DM core functionalities

CVSS

Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2772325

TAGS

#Unchecked-user-input
#XSS
#Cross-Site-Scripting
#Reflected-Cross-Site-Scripting
#Stored-Cross-Site-Scripting
#&160-CVE-2020-6303

You may also like