CVE-2020-6254

{"id": "CVE-2020-6254", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-05-12T18:15:14.553", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2913293", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2913293", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting."}, {"lang": "es", "value": "SAP Enterprise Threat Detection, versiones 1.0, 2.0, no codifica suficientemente las p\u00e1ginas de respuesta error en caso de errores, permitiendo a una carga \u00fatil XSS reflejarse en la respuesta, conllevando a un ataque de tipo Cross Site Scripting reflejado."}], "lastModified": "2024-11-21T05:35:23.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:enterprise_threat_detection:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFAC02F4-7EFF-498A-B9C7-A10601D3E787"}, {"criteria": "cpe:2.3:a:sap:enterprise_threat_detection:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF020EBF-3430-49F4-B33F-C6410BB3E821"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}