cvelistv5 - cve-2020-6326

CVE-2020-6326 (GCVE-0-2020-6326)

Vulnerability from cvelistv5 – Published: 2020-09-09 12:47 – Updated: 2024-08-04 08:55

Summary

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

Cross Site Scripting

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2953112	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP NetWeaver (Knowledge Management)	Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < 7.50

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2953112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver (Knowledge Management)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.30"
            },
            {
              "status": "affected",
              "version": "\u003c 7.31"
            },
            {
              "status": "affected",
              "version": "\u003c 7.40"
            },
            {
              "status": "affected",
              "version": "\u003c 7.50"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-09T12:47:31",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2953112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver (Knowledge Management)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.30"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.31"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.40"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.50"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.4",
            "vectorString": "CVSS:/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2953112",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2953112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-6326",
    "datePublished": "2020-09-09T12:47:31",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69E7BD55-6020-4CF5-9B1C-AAC6161403E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6A9823F-8736-44E1-8F51-7149236A85C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67365283-2C5E-448E-A9F7-8AA033B57F67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95298857-D440-4323-ACAE-A1097DBC5C13\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.\"}, {\"lang\": \"es\", \"value\": \"SAP NetWeaver (Knowledge Management), versi\\u00f3n-7.30,7.31,7.40,7.50, permite a un atacante autenticado crear enlaces maliciosos en la Interfaz de Usuario, cuando la v\\u00edctima haga clic en \\u00e9l, ejecutar\\u00e1 scripts java arbitrarios, extrayendo o modificando informaci\\u00f3n que de otro modo estar\\u00eda restringida conllevando a una vulnerabilidad de tipo Cross Site Scripting Almacenado.\"}]",
      "id": "CVE-2020-6326",
      "lastModified": "2024-11-21T05:35:30.737",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV30\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-09-09T13:15:12.520",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/2953112\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2953112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-6326\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2020-09-09T13:15:12.520\",\"lastModified\":\"2024-11-21T05:35:30.737\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.\"},{\"lang\":\"es\",\"value\":\"SAP NetWeaver (Knowledge Management), versi\u00f3n-7.30,7.31,7.40,7.50, permite a un atacante autenticado crear enlaces maliciosos en la Interfaz de Usuario, cuando la v\u00edctima haga clic en \u00e9l, ejecutar\u00e1 scripts java arbitrarios, extrayendo o modificando informaci\u00f3n que de otro modo estar\u00eda restringida conllevando a una vulnerabilidad de tipo Cross Site Scripting Almacenado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV30\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E7BD55-6020-4CF5-9B1C-AAC6161403E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6A9823F-8736-44E1-8F51-7149236A85C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67365283-2C5E-448E-A9F7-8AA033B57F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95298857-D440-4323-ACAE-A1097DBC5C13\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2953112\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2953112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-6326

Vulnerability from fkie_nvd - Published: 2020-09-09 13:15 - Updated: 2024-11-21 05:35

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2953112	Permissions Required
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2953112	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_knowledge_management	7.30
sap	netweaver_knowledge_management	7.31
sap	netweaver_knowledge_management	7.40
sap	netweaver_knowledge_management	7.50

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E7BD55-6020-4CF5-9B1C-AAC6161403E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6A9823F-8736-44E1-8F51-7149236A85C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "67365283-2C5E-448E-A9F7-8AA033B57F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "95298857-D440-4323-ACAE-A1097DBC5C13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting."
    },
    {
      "lang": "es",
      "value": "SAP NetWeaver (Knowledge Management), versi\u00f3n-7.30,7.31,7.40,7.50, permite a un atacante autenticado crear enlaces maliciosos en la Interfaz de Usuario, cuando la v\u00edctima haga clic en \u00e9l, ejecutar\u00e1 scripts java arbitrarios, extrayendo o modificando informaci\u00f3n que de otro modo estar\u00eda restringida conllevando a una vulnerabilidad de tipo Cross Site Scripting Almacenado."
    }
  ],
  "id": "CVE-2020-6326",
  "lastModified": "2024-11-21T05:35:30.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-09T13:15:12.520",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2953112"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2953112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-6326

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-6326

Aliases

CVE-2020-6326

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6326",
    "description": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.",
    "id": "GSD-2020-6326"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6326"
      ],
      "details": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.",
      "id": "GSD-2020-6326",
      "modified": "2023-12-13T01:21:55.161863Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2020-6326",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver (Knowledge Management)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "7.30"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.31"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.40"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.50"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "5.4",
          "vectorString": "CVSS:/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross Site Scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2953112",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2953112"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6326"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2953112",
              "refsource": "MISC",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2953112"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-09-14T17:49Z",
      "publishedDate": "2020-09-09T13:15Z"
    }
  }
}

CERTFR-2020-AVI-549

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAPUI5 (UI_700) version 200
SAP	N/A	SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Adaptive Server Enterprise versions 15.7 et 16.0
SAP	N/A	SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755
SAP	N/A	S/4HANA FIN PROD SUBLDGR version 100
SAP	N/A	SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2
SAP	N/A	SAPUI5 (UISAPUI5_JAVA) version 7.50
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Solution Manager (User Experience Monitoring) version 7.2
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005
SAP	N/A	BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 08 septembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAPUI5 (UI_700) version 200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Adaptive Server Enterprise versions 15.7 et 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA FIN PROD SUBLDGR version 100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client version 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (UISAPUI5_JAVA) version 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (User Experience Monitoring) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6328"
    },
    {
      "name": "CVE-2020-6282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6282"
    },
    {
      "name": "CVE-2020-6334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6334"
    },
    {
      "name": "CVE-2020-6351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6351"
    },
    {
      "name": "CVE-2020-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6296"
    },
    {
      "name": "CVE-2020-6349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6349"
    },
    {
      "name": "CVE-2020-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6359"
    },
    {
      "name": "CVE-2020-6341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6341"
    },
    {
      "name": "CVE-2020-6338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6338"
    },
    {
      "name": "CVE-2020-6207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6207"
    },
    {
      "name": "CVE-2020-6283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6283"
    },
    {
      "name": "CVE-2020-6343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6343"
    },
    {
      "name": "CVE-2020-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6335"
    },
    {
      "name": "CVE-2020-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6329"
    },
    {
      "name": "CVE-2020-6344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6344"
    },
    {
      "name": "CVE-2020-6318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6318"
    },
    {
      "name": "CVE-2020-6347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6347"
    },
    {
      "name": "CVE-2020-6357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6357"
    },
    {
      "name": "CVE-2020-6346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6346"
    },
    {
      "name": "CVE-2020-6348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6348"
    },
    {
      "name": "CVE-2020-6312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6312"
    },
    {
      "name": "CVE-2020-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6356"
    },
    {
      "name": "CVE-2020-6322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6322"
    },
    {
      "name": "CVE-2020-6325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6325"
    },
    {
      "name": "CVE-2020-6354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6354"
    },
    {
      "name": "CVE-2020-6320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6320"
    },
    {
      "name": "CVE-2020-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6288"
    },
    {
      "name": "CVE-2020-6333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6333"
    },
    {
      "name": "CVE-2020-6332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6332"
    },
    {
      "name": "CVE-2020-6311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6311"
    },
    {
      "name": "CVE-2020-6340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6340"
    },
    {
      "name": "CVE-2020-6317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6317"
    },
    {
      "name": "CVE-2020-6321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6321"
    },
    {
      "name": "CVE-2020-6355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6355"
    },
    {
      "name": "CVE-2020-6352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6352"
    },
    {
      "name": "CVE-2020-6350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6350"
    },
    {
      "name": "CVE-2020-6326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6326"
    },
    {
      "name": "CVE-2020-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6337"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6302"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-6353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6353"
    },
    {
      "name": "CVE-2020-6339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6339"
    },
    {
      "name": "CVE-2020-6330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6330"
    },
    {
      "name": "CVE-2020-6314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6314"
    },
    {
      "name": "CVE-2020-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6336"
    },
    {
      "name": "CVE-2020-6313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6313"
    },
    {
      "name": "CVE-2020-6358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6358"
    },
    {
      "name": "CVE-2020-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6345"
    },
    {
      "name": "CVE-2020-6360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6360"
    },
    {
      "name": "CVE-2020-6342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6342"
    },
    {
      "name": "CVE-2020-6331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6331"
    },
    {
      "name": "CVE-2020-6324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6324"
    },
    {
      "name": "CVE-2020-6361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6361"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-6327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6327"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 08 septembre 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    }
  ]
}

CERTFR-2020-AVI-549

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAPUI5 (UI_700) version 200
SAP	N/A	SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Adaptive Server Enterprise versions 15.7 et 16.0
SAP	N/A	SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755
SAP	N/A	S/4HANA FIN PROD SUBLDGR version 100
SAP	N/A	SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2
SAP	N/A	SAPUI5 (UISAPUI5_JAVA) version 7.50
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Solution Manager (User Experience Monitoring) version 7.2
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005
SAP	N/A	BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 08 septembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAPUI5 (UI_700) version 200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Adaptive Server Enterprise versions 15.7 et 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA FIN PROD SUBLDGR version 100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client version 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (UISAPUI5_JAVA) version 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (User Experience Monitoring) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6328"
    },
    {
      "name": "CVE-2020-6282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6282"
    },
    {
      "name": "CVE-2020-6334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6334"
    },
    {
      "name": "CVE-2020-6351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6351"
    },
    {
      "name": "CVE-2020-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6296"
    },
    {
      "name": "CVE-2020-6349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6349"
    },
    {
      "name": "CVE-2020-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6359"
    },
    {
      "name": "CVE-2020-6341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6341"
    },
    {
      "name": "CVE-2020-6338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6338"
    },
    {
      "name": "CVE-2020-6207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6207"
    },
    {
      "name": "CVE-2020-6283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6283"
    },
    {
      "name": "CVE-2020-6343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6343"
    },
    {
      "name": "CVE-2020-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6335"
    },
    {
      "name": "CVE-2020-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6329"
    },
    {
      "name": "CVE-2020-6344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6344"
    },
    {
      "name": "CVE-2020-6318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6318"
    },
    {
      "name": "CVE-2020-6347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6347"
    },
    {
      "name": "CVE-2020-6357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6357"
    },
    {
      "name": "CVE-2020-6346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6346"
    },
    {
      "name": "CVE-2020-6348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6348"
    },
    {
      "name": "CVE-2020-6312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6312"
    },
    {
      "name": "CVE-2020-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6356"
    },
    {
      "name": "CVE-2020-6322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6322"
    },
    {
      "name": "CVE-2020-6325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6325"
    },
    {
      "name": "CVE-2020-6354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6354"
    },
    {
      "name": "CVE-2020-6320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6320"
    },
    {
      "name": "CVE-2020-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6288"
    },
    {
      "name": "CVE-2020-6333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6333"
    },
    {
      "name": "CVE-2020-6332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6332"
    },
    {
      "name": "CVE-2020-6311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6311"
    },
    {
      "name": "CVE-2020-6340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6340"
    },
    {
      "name": "CVE-2020-6317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6317"
    },
    {
      "name": "CVE-2020-6321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6321"
    },
    {
      "name": "CVE-2020-6355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6355"
    },
    {
      "name": "CVE-2020-6352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6352"
    },
    {
      "name": "CVE-2020-6350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6350"
    },
    {
      "name": "CVE-2020-6326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6326"
    },
    {
      "name": "CVE-2020-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6337"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6302"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-6353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6353"
    },
    {
      "name": "CVE-2020-6339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6339"
    },
    {
      "name": "CVE-2020-6330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6330"
    },
    {
      "name": "CVE-2020-6314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6314"
    },
    {
      "name": "CVE-2020-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6336"
    },
    {
      "name": "CVE-2020-6313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6313"
    },
    {
      "name": "CVE-2020-6358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6358"
    },
    {
      "name": "CVE-2020-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6345"
    },
    {
      "name": "CVE-2020-6360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6360"
    },
    {
      "name": "CVE-2020-6342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6342"
    },
    {
      "name": "CVE-2020-6331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6331"
    },
    {
      "name": "CVE-2020-6324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6324"
    },
    {
      "name": "CVE-2020-6361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6361"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-6327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6327"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 08 septembre 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    }
  ]
}

GHSA-VP93-PR49-F4R2

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6326"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-09T13:15:00Z",
    "severity": "LOW"
  },
  "details": "SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.",
  "id": "GHSA-vp93-pr49-f4r2",
  "modified": "2022-05-24T17:27:44Z",
  "published": "2022-05-24T17:27:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6326"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2953112"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-52934

Vulnerability from cnvd - Published: 2020-09-21

Title

SAP NetWeaver跨站脚本漏洞（CNVD-2020-52934）

Description

SAP NetWeaver是基于专业标准的集成化应用平台，能够大幅度降低系统整合的复杂性。其组件包括门户、应用服务器、商务智能解决方案以及系统整合和数据整合技术。 SAP NetWeaver 7.30、7.31、7.40、7.50存在跨站脚本漏洞。攻击者可通过在UI中创建恶意链接利用该漏洞执行任意Java脚本，从而可提取或修改信息。

Severity

低

Patch Name

SAP NetWeaver跨站脚本漏洞（CNVD-2020-52934）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-6326

Impacted products

Name
['SAP SAP Netweaver 7.30', 'SAP SAP Netweaver 7.31', 'SAP SAP Netweaver 7.40', 'SAP SAP Netweaver 7.50']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6326",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6326"
    }
  },
  "description": "SAP NetWeaver\u662f\u57fa\u4e8e\u4e13\u4e1a\u6807\u51c6\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\uff0c\u80fd\u591f\u5927\u5e45\u5ea6\u964d\u4f4e\u7cfb\u7edf\u6574\u5408\u7684\u590d\u6742\u6027\u3002\u5176\u7ec4\u4ef6\u5305\u62ec\u95e8\u6237\u3001\u5e94\u7528\u670d\u52a1\u5668\u3001\u5546\u52a1\u667a\u80fd\u89e3\u51b3\u65b9\u6848\u4ee5\u53ca\u7cfb\u7edf\u6574\u5408\u548c\u6570\u636e\u6574\u5408\u6280\u672f\u3002\n\nSAP NetWeaver 7.30\u30017.31\u30017.40\u30017.50\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728UI\u4e2d\u521b\u5efa\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610fJava\u811a\u672c\uff0c\u4ece\u800c\u53ef\u63d0\u53d6\u6216\u4fee\u6539\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-52934",
  "openTime": "2020-09-21",
  "patchDescription": "SAP NetWeaver\u662f\u57fa\u4e8e\u4e13\u4e1a\u6807\u51c6\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\uff0c\u80fd\u591f\u5927\u5e45\u5ea6\u964d\u4f4e\u7cfb\u7edf\u6574\u5408\u7684\u590d\u6742\u6027\u3002\u5176\u7ec4\u4ef6\u5305\u62ec\u95e8\u6237\u3001\u5e94\u7528\u670d\u52a1\u5668\u3001\u5546\u52a1\u667a\u80fd\u89e3\u51b3\u65b9\u6848\u4ee5\u53ca\u7cfb\u7edf\u6574\u5408\u548c\u6570\u636e\u6574\u5408\u6280\u672f\u3002\r\n\r\nSAP NetWeaver 7.30\u30017.31\u30017.40\u30017.50\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728UI\u4e2d\u521b\u5efa\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610fJava\u811a\u672c\uff0c\u4ece\u800c\u53ef\u63d0\u53d6\u6216\u4fee\u6539\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP NetWeaver\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-52934\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Netweaver 7.30",
      "SAP SAP Netweaver 7.31",
      "SAP SAP Netweaver 7.40",
      "SAP SAP Netweaver 7.50"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6326",
  "serverity": "\u4f4e",
  "submitTime": "2020-09-18",
  "title": "SAP NetWeaver\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-52934\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6326 (GCVE-0-2020-6326)

FKIE_CVE-2020-6326

GSD-2020-6326

CERTFR-2020-AVI-549

Solution

CERTFR-2020-AVI-549

Solution

GHSA-VP93-PR49-F4R2

CNVD-2020-52934

Tags

Sightings

Nomenclature