CVE-2020-6323 is a vulnerability in SAP Netweaver Enterprise Portal
Published on October 15, 2020

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

NVD

Products Associated with CVE-2020-6323

Want to know whenever a new CVE is published for SAP Netweaver Enterprise Portal? stack.watch will email you.

SAP Netweaver Enterprise Portal

Affected Versions

SAP SE SAP NetWeaver Enterprise Portal (Fiori Framework Page):

Version < 7.50 is affected.
Version < 7.31 is affected.
Version < 7.40 is affected.

Exploit Probability

EPSS

0.36%

Percentile

57.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-6323 is a vulnerability in SAP Netweaver Enterprise PortalPublished on October 15, 2020

Products Associated with CVE-2020-6323

Affected Versions

Exploit Probability

CVE-2020-6323 is a vulnerability in SAP Netweaver Enterprise Portal
Published on October 15, 2020