admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-62xx/CVE-2020-6229.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

209 lines
7.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-6229",
"sourceIdentifier": "cna@sap.com",
"published": "2020-04-14T19:15:17.813",
"lastModified": "2020-04-15T14:12:26.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "SAP NetWeaver AS ABAP (aplicaci\u00f3n CRM_BSP_FRAME de Business Server Pages), versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no codifica suficientemente entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75a:*:*:*:*:*:*:*",
"matchCriteriaId": "F72B140B-F258-464F-A434-E36E16EBBD37"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75b:*:*:*:*:*:*:*",
"matchCriteriaId": "C262897C-C83F-4AF9-A9CC-27ED3C1D69D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:*",
"matchCriteriaId": "63AE465A-45CC-4834-BEC0-589935EFCAD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:*",
"matchCriteriaId": "AAADF821-7088-4D5C-BB6D-2662880AC62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:*",
"matchCriteriaId": "76E464A9-F2FD-4A91-8562-A33EBABD24E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C730F7F7-B228-4D3E-BC02-33EE5D695D69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:*",
"matchCriteriaId": "EE253C97-C802-476B-81FB-BA4FC15B433C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCD414F-0C97-4657-BF48-11DA3A83850E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:710:*:*:*:*:*:*:*",
"matchCriteriaId": "62F96880-7BC4-4F91-A10B-590659BFF3C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:711:*:*:*:*:*:*:*",
"matchCriteriaId": "4F34A9CD-7A1E-4225-AF38-08E1E3DB6E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:730:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7A2294-4A88-436E-A847-1D88DBB1877E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:*",
"matchCriteriaId": "C167C76A-0F85-47F3-A90E-8DA4EA8C3B74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:*",
"matchCriteriaId": "FF90E047-B917-4C52-8A5B-99BFA094E90D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE99B15-44F0-47A1-AD2F-D92BCCA940F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:*",
"matchCriteriaId": "C00F292E-E761-47AA-A82D-456CBA829BDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:*",
"matchCriteriaId": "4662F413-B285-4310-AA7C-D8AD60E024DE"
}
]
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2900374",
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink