Vulnerability-Lookup

CVE-2020-6368 (GCVE-0-2020-6368)

Vulnerability from cvelistv5 – Published: 2020-10-15 01:54 – Updated: 2024-08-04 09:02

Summary

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

Cross Site Scripting

Assigner

sap

References

URL

	Vendor	Product	Version
	SAP SE	SAP Business Planning and Consolidation	Affected: < 750 Affected: < 751 Affected: < 752 Affected: < 753 Affected: < 754 Affected: < 755 Affected: < 810 Affected: < 100 Affected: < 200

GSD-2020-6368

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-6368

Aliases

CVE-2020-6368

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6368",
    "description": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.",
    "id": "GSD-2020-6368"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6368"
      ],
      "details": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.",
      "id": "GSD-2020-6368",
      "modified": "2023-12-13T01:21:55.412058Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2020-6368",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP Business Planning and Consolidation",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "750"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "751"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "752"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "753"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "754"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "755"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "810"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "100"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "200"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "5.4",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross Site Scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2960825",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2960825"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:755:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_planning_and_consolidation:810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6368"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2960825",
              "refsource": "MISC",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2960825"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-10-19T19:50Z",
      "publishedDate": "2020-10-15T02:15Z"
    }
  }
}

FKIE_CVE-2020-6368

Vulnerability from fkie_nvd - Published: 2020-10-15 02:15 - Updated: 2024-11-21 05:35

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2960825	Permissions Required
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2960825	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	business_planning_and_consolidation	100
sap	business_planning_and_consolidation	200
sap	business_planning_and_consolidation	750
sap	business_planning_and_consolidation	751
sap	business_planning_and_consolidation	752
sap	business_planning_and_consolidation	753
sap	business_planning_and_consolidation	754
sap	business_planning_and_consolidation	755
sap	business_planning_and_consolidation	810

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:100:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5511CB0-07AA-49C9-B445-32E78957F0BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:200:*:*:*:*:*:*:*",
              "matchCriteriaId": "545A7B0D-B9E5-42AB-A81C-AC3C55E7ACDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F248836-5A9D-4DA8-9AAC-F71AD511DAF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:751:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9AD392-554A-4707-99F2-E9449E2232D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:752:*:*:*:*:*:*:*",
              "matchCriteriaId": "60287C4F-7CA8-43B4-A054-5C63D5DA99BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:753:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9A5ACFB-A152-445A-A5CD-33083DD726CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:754:*:*:*:*:*:*:*",
              "matchCriteriaId": "B936DDDB-7B28-4A73-9A05-3BF403A9D95E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:755:*:*:*:*:*:*:*",
              "matchCriteriaId": "80834B1A-9FA7-4334-8D0F-6A0E001738A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:810:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA754B06-A263-4B03-B350-96F507E2235B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
    },
    {
      "lang": "es",
      "value": "SAP Business Planning and Consolidation, versiones - 750, 751, 752, 753, 754, 755, 810, 100, 200, pueden ser abusada por un atacante, permitiendo modificar el contenido de la aplicaci\u00f3n mostrada sin autorizaci\u00f3n y potencialmente obtener informaci\u00f3n de autenticaci\u00f3n de otros usuarios leg\u00edtimos, conllevando a una vulnerabilidad de tipo Cross Site Scripting"
    }
  ],
  "id": "CVE-2020-6368",
  "lastModified": "2024-11-21T05:35:35.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-15T02:15:12.890",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2960825"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2960825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2020-AVI-630

Vulnerability from certfr_avis - Published: 2020-10-13 - Updated: 2020-10-13

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver Application Server Java versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP NetWeaver Composite Application Framework versions 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP NetWeaver (DI Design Time Repository) versions 7.11, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Business Planning and Consolidation versions 750, 751, 752, 753, 754, 755, 810, 100 et 200
SAP	N/A	SAP NetWeaver (Compare systems) versions - 7.20, 7.30, 7.31, 7.40, 7.50
SAP	N/A	SAP NetWeaver Application Server ABAP (POWL test application) versions 710, 711, 730, 731, 740 et 750
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Solution Manager (CA Introscope Enterprise Manager) et SAP Focused Run (CA Introscope Enterprise Manager) versions WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5 et 10.7
SAP	N/A	SAP Banking Services version 500
SAP	NetWeaver Enterprise Portal	SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions 7.50, 7.31, et 7.40
SAP	Commerce Cloud	SAP Commerce Cloud versions 1808, 1811, 1905 et 2005

References

Title

Publication Time

GHSA-HRC5-9PP2-965P

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6368"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.",
  "id": "GHSA-hrc5-9pp2-965p",
  "modified": "2022-05-24T17:30:47Z",
  "published": "2022-05-24T17:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6368"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2960825"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-65559

Vulnerability from cnvd - Published: 2020-11-23

Title

SAP Business Planning and Consolidation跨站脚本漏洞

Description

SAP Business Planning and Consolidation是德国思爱普（SAP）公司的一款商业计划和整合软件。该软件提供预算编制、预测和财务合并功能。 SAP Business Planning and Consolidation 750、751、752、753、754、755、810、100和200版本存在跨站脚本漏洞。攻击者可利用该漏洞在未经授权的情况下修改显示的应用程序内容及从其它合法用户处获取身份验证信息。

Severity

低

Patch Name

SAP Business Planning and Consolidation跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Reference

https://vigilance.fr/vulnerability/SAP-multiple-vulnerabilities-of-October-2020-33549

Impacted products

Name
['SAP SAP Business Planning and Consolidation 750', 'SAP SAP Business Planning and Consolidation 751', 'SAP SAP Business Planning and Consolidation 752', 'SAP SAP Business Planning and Consolidation 753', 'SAP SAP Business Planning and Consolidation 754', 'SAP SAP Business Planning and Consolidation 755', 'SAP SAP Business Planning and Consolidation 810', 'SAP SAP Business Planning and Consolidation 100', 'SAP SAP Business Planning and Consolidation 200']

Name

['SAP SAP Business Planning and Consolidation 750', 'SAP SAP Business Planning and Consolidation 751', 'SAP SAP Business Planning and Consolidation 752', 'SAP SAP Business Planning and Consolidation 753', 'SAP SAP Business Planning and Consolidation 754', 'SAP SAP Business Planning and Consolidation 755', 'SAP SAP Business Planning and Consolidation 810', 'SAP SAP Business Planning and Consolidation 100', 'SAP SAP Business Planning and Consolidation 200']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6368",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6368"
    }
  },
  "description": "SAP Business Planning and Consolidation\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5546\u4e1a\u8ba1\u5212\u548c\u6574\u5408\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u9884\u7b97\u7f16\u5236\u3001\u9884\u6d4b\u548c\u8d22\u52a1\u5408\u5e76\u529f\u80fd\u3002\n\nSAP Business Planning and Consolidation 750\u3001751\u3001752\u3001753\u3001754\u3001755\u3001810\u3001100\u548c200\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u672a\u7ecf\u6388\u6743\u7684\u60c5\u51b5\u4e0b\u4fee\u6539\u663e\u793a\u7684\u5e94\u7528\u7a0b\u5e8f\u5185\u5bb9\u53ca\u4ece\u5176\u5b83\u5408\u6cd5\u7528\u6237\u5904\u83b7\u53d6\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-65559",
  "openTime": "2020-11-23",
  "patchDescription": "SAP Business Planning and Consolidation\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5546\u4e1a\u8ba1\u5212\u548c\u6574\u5408\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u9884\u7b97\u7f16\u5236\u3001\u9884\u6d4b\u548c\u8d22\u52a1\u5408\u5e76\u529f\u80fd\u3002\r\n\r\nSAP Business Planning and Consolidation 750\u3001751\u3001752\u3001753\u3001754\u3001755\u3001810\u3001100\u548c200\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u672a\u7ecf\u6388\u6743\u7684\u60c5\u51b5\u4e0b\u4fee\u6539\u663e\u793a\u7684\u5e94\u7528\u7a0b\u5e8f\u5185\u5bb9\u53ca\u4ece\u5176\u5b83\u5408\u6cd5\u7528\u6237\u5904\u83b7\u53d6\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Business Planning and Consolidation\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Business Planning and Consolidation 750",
      "SAP SAP Business Planning and Consolidation 751",
      "SAP SAP Business Planning and Consolidation 752",
      "SAP SAP Business Planning and Consolidation 753",
      "SAP SAP Business Planning and Consolidation 754",
      "SAP SAP Business Planning and Consolidation 755",
      "SAP SAP Business Planning and Consolidation 810",
      "SAP SAP Business Planning and Consolidation 100",
      "SAP SAP Business Planning and Consolidation 200"
    ]
  },
  "referenceLink": "https://vigilance.fr/vulnerability/SAP-multiple-vulnerabilities-of-October-2020-33549",
  "serverity": "\u4f4e",
  "submitTime": "2020-10-21",
  "title": "SAP Business Planning and Consolidation\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6368 (GCVE-0-2020-6368)

GSD-2020-6368

FKIE_CVE-2020-6368

CERTFR-2020-AVI-630

Solution

GHSA-HRC5-9PP2-965P

CNVD-2020-65559

Tags

Sightings

Nomenclature