← volver
CVE-2020-6319

CVE-2020-6319

CVSS 6.1 MEDIUMEPSS 0.9%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 oct 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
SAP SE · SAP NetWeaver Application Server Java

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://launchpad.support.sap.com/#/notes/2956398https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196