PT-2020-19006 · SAP · SAP NetWeaver AS ABAP +1

Published: 2020-03-10 · Updated: 2023-09-26 · CVE-2020-6205

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP BASIS versions 7.00 through 7.54

Description

Insufficient encoding of user-controlled inputs leads to a Reflected Cross-Site Scripting issue. It allows an unauthenticated attacker to non-permanently deface or modify displayed content, steal authentication information of the user, impersonate the user, and access all information with the same rights as the target user.

Recommendations

For SAP BASIS versions 7.00 through 7.54, update to a version that sufficiently encodes user-controlled inputs to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to user-controlled input fields until a patch is available. Avoid using sensitive information in user-controlled inputs until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-6205

Affected Products

SAP NetWeaver AS ABAP
SAP BASIS