← back
CVE-2020-6367

CVE-2020-6367

CVSS 8.2 HIGHEPSS 0.8%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.2EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Oct 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Affected products
SAP SE · SAP NetWeaver Composite Application Framework

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2972661https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196