CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6270
https://notcve.org/view.php?id=CVE-2020-6270
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. SAP NetWeaver AS ABAP (Banking Services), versiones: 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no realiza las comprobaciones de autorización necesarias para un usuario autenticado debido a la Falta de Comprobación de Autorización, permitiendo un cambio incorrecto e inesperado de condiciones individuales por un usuario malicioso conllevando a precios incorrectos • https://launchpad.support.sap.com/#/notes/2916562 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2020-6229
https://notcve.org/view.php?id=CVE-2020-6229
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP (aplicación CRM_BSP_FRAME de Business Server Pages), versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no codifica suficientemente entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2900374 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •