Rewterz Threat Advisory – CVE-2020-6284 – SAP Netweaver (Knowledge Management) Cross-Site Scripting (XSS) vulnerability
August 12, 2020Rewterz Threat Alert – Script-Based Malware through Internet Explorer Exploits
August 13, 2020Rewterz Threat Advisory – CVE-2020-6284 – SAP Netweaver (Knowledge Management) Cross-Site Scripting (XSS) vulnerability
August 12, 2020Rewterz Threat Alert – Script-Based Malware through Internet Explorer Exploits
August 13, 2020Severity
High
Analysis Summary
Affected applications are delivered with a third-party component that contains a remote code execution vulnerability if the advanced reporting engine is enabled.
Impact
Code Injection
Affected Vendors
Siemens
Affected Products
- Desigo CC: Versions 3.x and 4.x
- Desigo CC Compact: Versions 3.x and 4.x
Remediation
Siemens has released patches for the affected products and recommends users to update to latest patch.
Users of Version 4.x, apply the latest patch
Users of Version 3.x, apply the latest patch