Skip links

CVE-2020-6324 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Test Application), SAP security note 2948239

Description

BSP Test Application sbspext_table allows an unauthenticated attacker to send polluted URL to the victim, hence allowing Reflected Cross site scripting.

Information available in the victim’s web browser can be read, modified, and sent to the attacker. No sensitive data is disclosed to the attacker as the attack is possible only in test application and service disruption is not possible as part of the impacts.

Available fix and Supported packages

  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 730 | 730
  • SAP_BASIS | 731 | 731
  • SAP_BASIS | 740 | 740
  • SAP_BASIS | 750 | 755
  • SAP_BASIS 700 | SAPKB70038 |
  • SAP_BASIS 701 | SAPKB70123 |
  • SAP_BASIS 702 | SAPKB70223 |
  • SAP_BASIS 730 | SAPKB73021 |
  • SAP_BASIS 751 | SAPK-75111INSAPBASIS |
  • SAP_BASIS 752 | SAPK-75207INSAPBASIS |
  • SAP_BASIS 753 | SAPK-75305INSAPBASIS |
  • SAP_BASIS 754 | SAPK-75403INSAPBASIS |
  • | SAPK-782BHINSAPBASIS |
  • SAP_BASIS 731 | SAPKB73128 |
  • SAP_BASIS 740 | SAPKB74025 |
  • SAP_BASIS 755 | SAPK-75501INSAPBASIS |
  • SAP_BASIS 750 | SAPK-75020INSAPBASIS |

Affected component

    BC-BSP
    Business Server Pages

CVSS

Score: 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2948239

TAGS

#CSS
#Reflected-XSS
#XSS
#&160-CVE-2020-6324