CVE-2020-6229

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS ABAP versions 700 through 75E

Description The issue arises from insufficient encoding of user-controlled inputs in the Business Server Pages application CRM BSP FRAME, resulting in a reflected Cross-Site Scripting (XSS) issue. This allows attackers to inject malicious scripts into the application.

Recommendations For SAP NetWeaver AS ABAP versions 700 through 75E, ensure proper encoding of user-controlled inputs to prevent reflected Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting access to the CRM BSP FRAME application until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.