CVE-2020-6206

Name of the Vulnerable Software and Affected Versions SAP Cloud Platform Integration for Data Services version 1.0

Description The issue allows user inputs to be reflected as error or warning messages, potentially misleading victims into following malicious instructions inserted by external attackers, leading to Cross Site Request Forgery.

Recommendations For SAP Cloud Platform Integration for Data Services version 1.0, consider implementing input validation and sanitization to prevent malicious instructions from being reflected in error or warning messages. As a temporary workaround, restrict the ability of external attackers to insert malicious instructions into user inputs until a patch is available.