Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2073 1 Sap 1 Businessobjects Edge 2021-08-13 5.0 MEDIUM 7.5 HIGH
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
CVE-2019-0305 1 Sap 1 Netweaver Process Integration 2021-07-21 4.3 MEDIUM 4.3 MEDIUM
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.
CVE-2020-26824 1 Sap 1 Solution Manager 2021-07-21 6.4 MEDIUM 10.0 CRITICAL
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.
CVE-2020-6247 1 Sap 1 Businessobjects Business Intelligence Platform 2021-07-21 5.0 MEDIUM 7.5 HIGH
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
CVE-2020-6252 1 Sap 1 Adaptive Server Enterprise Cockpit 2021-07-21 5.2 MEDIUM 8.0 HIGH
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.
CVE-2020-6208 1 Sap 1 Crystal Reports 2021-07-21 4.4 MEDIUM 8.2 HIGH
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
CVE-2020-6239 1 Sap 1 Business One 2021-07-21 2.1 LOW 4.4 MEDIUM
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
CVE-2020-6261 1 Sap 1 Solution Manager 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-6309 1 Sap 1 Netweaver Application Server Java 2021-07-21 7.8 HIGH 7.5 HIGH
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.
CVE-2020-6195 1 Sap 1 Businessobjects Business Intelligence Platform 2021-07-21 5.0 MEDIUM 9.8 CRITICAL
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.
CVE-2020-6269 1 Sap 1 Businessobjects Business Intelligence Platform 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
CVE-2019-0379 1 Sap 1 Process Integration 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
CVE-2020-6262 1 Sap 1 Application Server 2021-07-21 6.5 MEDIUM 8.8 HIGH
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
CVE-2020-26823 1 Sap 1 Solution Manager 2021-07-21 6.4 MEDIUM 10.0 CRITICAL
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.
CVE-2020-6263 1 Sap 1 Netweaver Application Server Java 2021-07-21 7.5 HIGH 9.8 CRITICAL
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
CVE-2020-6372 1 Sap 1 3d Visual Enterprise Viewer 2021-07-21 6.8 MEDIUM 7.8 HIGH
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6243 1 Sap 1 Adaptive Server Enterprise 2021-07-21 6.5 MEDIUM 8.8 HIGH
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.
CVE-2020-6202 1 Sap 1 Netweaver Application Server Java 2021-07-21 6.5 MEDIUM 7.2 HIGH
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
CVE-2020-6285 1 Sap 1 Netweaver 2021-07-21 3.5 LOW 6.5 MEDIUM
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
CVE-2020-6189 1 Sap 1 Businessobjects Business Intelligence Platform 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.