CVE-2020-6365 vulnerability in SAP Products
Published on October 15, 2020
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.
Products Associated with CVE-2020-6365
stack.watch emails you whenever new vulnerabilities are published in SAP NetWeaver or SAP Netweaver Application Server Java. Just hit a watch button to start following.
Affected Versions
SAP SE SAP NetWeaver Application Server Java:- Version < 7.10 is affected.
- Version < 7.11 is affected.
- Version < 7.20 is affected.
- Version < 7.30 is affected.
- Version < 7.31 is affected.
- Version < 7.40 is affected.
- Version < 7.50 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.