Rewterz Threat Alert – Gorgon APT Using Maldoc Campaign in India
August 12, 2020Rewterz Threat Advisory – CVE-2020-10055 – ICS: Siemens Desigo CC
August 13, 2020Rewterz Threat Alert – Gorgon APT Using Maldoc Campaign in India
August 12, 2020Rewterz Threat Advisory – CVE-2020-10055 – ICS: Siemens Desigo CC
August 13, 2020Severity
High
Analysis Summary
SAP NetWeaver (Knowledge Management) allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user’s privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.
Impact
Cross-Site Scripting
Affected Vendors
SAP
Affected Products
- SAP NetWeaver version 7.30
- SAP NetWeaver version 7.31
- SAP NetWeaver version 7.40
- SAP NetWeaver version 7.50
Remediation
Refer to SAP Note for the respective patches.