CVE-2020-6284 Vulnerability Details

  /     /     /  

CVE-2020-6284 Metadata Quick Info

CVE Published: 12/08/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: sap | Vendor: SAP SE | Product: SAP NetWeaver (Knowledge Management)
Status : PUBLISHED

CVE-2020-6284 Description

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user\'s privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Cross Site Scripting
Source: SAP SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2020-6284 Vulnerability Details