CVE-2020-26835 vulnerability in SAP Products
Published on December 9, 2020

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

NVD

Products Associated with CVE-2020-26835

stack.watch emails you whenever new vulnerabilities are published in SAP Netweaver As Abap or SAP Netweaver Application Server Abap. Just hit a watch button to start following.

SAP Netweaver As Abap

SAP Netweaver Application Server Abap

Affected Versions

SAP SE SAP NetWeaver AS ABAP:

Version < 740 is affected.
Version < 750 is affected.
Version < 751 is affected.
Version < 752 is affected.
Version < 753 is affected.
Version < 754 is affected.

Exploit Probability

EPSS

0.30%

Percentile

52.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-26835 vulnerability in SAP ProductsPublished on December 9, 2020

Products Associated with CVE-2020-26835

Affected Versions

Exploit Probability

CVE-2020-26835 vulnerability in SAP Products
Published on December 9, 2020