{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T19:32:55.012","vulnerabilities":[{"cve":{"id":"CVE-2020-6205","sourceIdentifier":"cna@sap.com","published":"2020-03-10T21:15:14.620","lastModified":"2024-11-21T05:35:17.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability."},{"lang":"es","value":"SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), versiones de SAP_BASIS 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; no codifica suficientemente las entradas controladas por el usuario, permitiendo a un atacante no autenticado desfigurar de forma no permanente o modificar  el contenido mostrado y/o robar información de autenticación del usuario y/o suplantar al usuario y acceder a toda la información con los mismos derechos que el usuario objeto del ataque, conllevando a una Vulnerabilidad de tipo Cross Site Scripting Reflejado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV30":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*","matchCriteriaId":"2E6E948A-59A4-460A-8369-68E9A94CA4EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*","matchCriteriaId":"2B2AC049-E6B5-4954-875A-7E66F2CEFEDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*","matchCriteriaId":"1097BE81-D7C7-4288-82A8-F5FA0EB492E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.10:*:*:*:*:*:*:*","matchCriteriaId":"A14A2CCD-4E29-42BF-94E8-6FBCF7265132"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.11:*:*:*:*:*:*:*","matchCriteriaId":"FC7F939D-7BC7-48DF-BBC7-867341F841CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.30:*:*:*:*:*:*:*","matchCriteriaId":"66D0CBF3-A0C0-4125-87D2-15DC05990986"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*","matchCriteriaId":"D4AA4EAF-ED70-4FEC-85B5-C8229EB5F600"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*","matchCriteriaId":"0F822C6B-3047-4EB1-9A85-EE10EA592DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*","matchCriteriaId":"689471D5-2189-48AF-ACE9-41DA4B642B1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*","matchCriteriaId":"CD618C71-34FF-414C-86DC-C43C5EEF5D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*","matchCriteriaId":"8E4BD107-F102-4859-9439-955F4DACE96F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.53:*:*:*:*:*:*:*","matchCriteriaId":"0AC0B6B2-BE6F-4745-ACE4-245B0685734F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.54:*:*:*:*:*:*:*","matchCriteriaId":"07A358CC-0FE7-4665-B595-169F784A5AC1"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/2884910","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2884910","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}