PT-2020-19050 · SAP · SAP Enterprise Threat Detection

Published: 2020-05-12 · Updated: 2020-05-15 · CVE-2020-6254

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

SAP Enterprise Threat Detection versions 1.0 through 2.0

Description

Error response pages are not sufficiently encoded, so an XSS payload can be reflected in the response. The result is reflected Cross-Site Scripting: an attacker can inject malicious scripts into the response, which may then execute in the victim's browser.

Recommendations

For SAP Enterprise Threat Detection versions 1.0 through 2.0, update to a version that properly encodes error response pages to prevent XSS payload reflection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
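One way to apply the output encoding described above on an error page, as an added example (not SAP code and not part of the original advisory). The function names, page layout and sample path are assumptions constructed for illustration.

```javascript
// Added example: hypothetical error-page renderer, not the product's code.
'use strict';

// Characters that can change the HTML parsing context, mapped to entities.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;', '/': '&#47;',
};

// Encode untrusted text for HTML element content or a quoted attribute value.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": request data is concatenated into the error page unchanged.
function renderErrorUnsafe(status, requestedPath) {
  return `<html><body><h1>Error ${status}</h1>` +
         `<p>Resource not found: ${requestedPath}</p></body></html>`;
}

// "After": request-derived values are encoded at the point of output, and the
// response carries headers that limit the impact of any sink that was missed.
function renderErrorSafe(status, requestedPath) {
  const code = Number.isInteger(status) ? status : 500; // never reflect a non-numeric status
  return {
    status: code,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      'Content-Security-Policy': "default-src 'none'",
    },
    body: `<html><body><h1>Error ${code}</h1>` +
          `<p>Resource not found: ${encodeHtml(requestedPath)}</p></body></html>`,
  };
}

// Constructed sample input: a request path carrying markup.
const SAMPLE_PATH = '/report/<script>alert(1)</script>';

// True if markup supplied in the request survives into the page as markup.
function reflectsMarkup(html) {
  return html.includes('<script>');
}

console.log('unsafe reflects markup:', reflectsMarkup(renderErrorUnsafe(404, SAMPLE_PATH)));
console.log('safe reflects markup:  ', reflectsMarkup(renderErrorSafe(404, SAMPLE_PATH).body));
```

The `reflectsMarkup` check can be reused as a regression test against any error handler that echoes request data.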

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-6254

Affected Products

SAP Enterprise Threat Detection