PT-2020-19093 · SAP · SAP NetWeaver Application Server Java

Published: 2020-10-15 · Updated: 2020-10-19 · CVE-2020-6319

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50
Description: The issue allows an unauthenticated attacker to include JavaScript blocks in any web page or URL by using different symbols that are otherwise not allowed. On successful exploitation, an attacker can steal the user's authentication information, such as data relating to their current session, and have a limited impact on the confidentiality and integrity of the application, resulting in reflected cross-site scripting.
Recommendations: For SAP NetWeaver Application Server Java versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, update to a version that includes the fix for this issue to prevent reflected cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related Identifiers: CVE-2020-6319

Affected Products: SAP NetWeaver Application Server Java