PT-2020-3613 · Sap · Sap Netweaver

Published 2020-08-12 · Updated 2020-08-14 · CVE-2020-6284

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SAP NetWeaver (Knowledge Management) versions 7.30, 7.31, 7.40, 7.50
Description

The issue allows script content contained in a stored file to be executed automatically, due to inadequate filtering, with the privileges of the user who accesses the file. If that user has administrative privileges, execution of the script content could result in complete compromise of system confidentiality, integrity, and availability; the issue is a Stored Cross-Site Scripting vulnerability. It stems from a failure to neutralize script-related HTML tags in a web page, which allows a remote attacker to perform cross-site scripting attacks.
Recommendations

For SAP NetWeaver (Knowledge Management) versions 7.30, 7.31, 7.40, 7.50, consider disabling the execution of script content in stored files until a patch is available. Restrict administrative privileges to the smallest possible set of users to minimize the impact of exploitation. Avoid using the vulnerable Knowledge Management component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
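As an added illustration of the mitigation described above (this is not SAP's code and not the fix for this issue), the following Python shows how a document store can serve user-uploaded files so that script content in a stored file is never executed in the viewing user's browser session: file types that browsers render as active content, or files whose body contains script-related markup, are forced to download as plain text and sandboxed. The active-type list and the markup patterns are assumptions chosen for this example.

```python
import mimetypes
import re

# Assumed list of content types a browser may render as active (script-capable).
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml",
}

# Constructed pattern for script-related HTML markup: script-bearing tags,
# inline event handlers (onload=, onerror=, ...) and javascript: URLs.
SCRIPT_MARKUP = re.compile(
    r"<\s*(script|iframe|object|embed)\b|\bon[a-z]+\s*=|javascript:",
    re.IGNORECASE,
)


def sniff_type(filename: str, content: bytes) -> str:
    """Declared type from the extension, overridden by a content check,
    because a renamed file can still be sniffed as HTML by the browser."""
    declared, _ = mimetypes.guess_type(filename)
    head = content[:1024].lower()
    if b"<html" in head or b"<script" in head:
        return "text/html"
    return declared or "application/octet-stream"


def contains_script_markup(content: bytes) -> bool:
    return SCRIPT_MARKUP.search(content.decode("utf-8", "replace")) is not None


def safe_response_headers(filename: str, content: bytes) -> dict:
    """Response headers for a stored file. Active content is never rendered
    inline: it is served as plain text, forced to download, and sandboxed."""
    safe_name = re.sub(r"[^\w.\-]", "_", filename)  # keep header well-formed
    ctype = sniff_type(filename, content)
    headers = {
        "Content-Type": ctype,
        "X-Content-Type-Options": "nosniff",  # browser must honour our type
    }
    if ctype in ACTIVE_TYPES or contains_script_markup(content):
        headers["Content-Type"] = "text/plain; charset=utf-8"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
        # CSP sandbox without allow-scripts blocks script execution even if
        # the document is somehow displayed inline.
        headers["Content-Security-Policy"] = "sandbox"
    else:
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    return headers
```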

XSS


Weakness Enumeration

Related Identifiers

BDU:2020-03952
CVE-2020-6284

Affected Products

Sap Netweaver