CVE-2020-6326

medium

Description

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

https://launchpad.support.sap.com/#/notes/2953112

Details

Source: Mitre, NVD

Published: 2020-09-09

Updated: 2020-09-14

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium