← volver
CVE-2020-6367

CVE-2020-6367

CVSS 8.2 HIGHEPSS 0.8%
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.2EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
20 oct 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Productos afectados
SAP SE · SAP NetWeaver Composite Application Framework

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://launchpad.support.sap.com/#/notes/2972661https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196