CVE-2020-6284

moderate-risk
Published 2020-08-12

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.

Do I need to act?

-
0.89% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.0/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Netweaver Knowledge Management
Netweaver Knowledge Management
Netweaver Knowledge Management
Netweaver Knowledge Management

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2928635
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Permissions Required https://launchpad.support.sap.com/#/notes/2928635
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
43
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 3/34 · Minimal
Exposure 10/34 · Low