Skip links

CVE-2020-6303 Improper input validation in SAP Disclosure Management, SAP security note 2772325

Description

SAP Disclosure Management 10.1 does not validate user input properly in specific use cases.

Some well known impacts of improper input validation can be:

  • Reflected Cross Site Scripting
  • Stored Cross Site Scripting

Available fix and Supported packages

  • DISCMGMS | 1001 | 1001
  • DM SERVER – APPL SERVER 10.1 | SP015 | 000000

Affected component

    EPM-DSM-GEN
    DM core functionalities

CVSS

Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2772325

TAGS

#Unchecked-user-input
#XSS
#Cross-Site-Scripting
#Reflected-Cross-Site-Scripting
#Stored-Cross-Site-Scripting
#&160-CVE-2020-6303