Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6246 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2020-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | |||||
| CVE-2020-6244 | 1 Sap | 1 Business Client | 2020-05-18 | 4.4 MEDIUM | 7.8 HIGH |
| SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-6249 | 1 Sap | 3 Master Data Governance \(s4core\), Master Data Governance \(s4fnd\), Master Data Governance \(sap Bs Fnd\) | 2020-05-15 | 6.5 MEDIUM | 8.8 HIGH |
| The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | |||||
| CVE-2020-6259 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | |||||
| CVE-2020-6258 | 1 Sap | 1 Identity Management | 2020-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | |||||
| CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-15 | 6.5 MEDIUM | 7.2 HIGH |
| Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | |||||
| CVE-2020-6257 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-05-15 | 3.5 LOW | 5.4 MEDIUM |
| SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | |||||
| CVE-2020-6256 | 1 Sap | 1 Master Data Governance | 2020-05-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | |||||
| CVE-2020-6254 | 1 Sap | 1 Enterprise Threat Detection | 2020-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | |||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-14 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | |||||
| CVE-2020-6245 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-05-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. | |||||
| CVE-2020-6212 | 1 Sap | 2 Erp, S\/4hana | 2020-05-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. | |||||
| CVE-2020-6213 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. | |||||
| CVE-2020-6209 | 1 Sap | 1 Disclosure Management | 2020-04-24 | 6.0 MEDIUM | 7.5 HIGH |
| SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | |||||
| CVE-2020-6225 | 1 Sap | 2 Netweaver Knowledge Management And Collaboration \(kmc-cm\), Netweaver Knowledge Management And Collaboration \(kmc-wpc\) | 2020-04-15 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. | |||||
| CVE-2020-6214 | 1 Sap | 1 S\/4hana | 2020-04-15 | 6.5 MEDIUM | 4.7 MEDIUM |
| SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system. | |||||
| CVE-2020-6219 | 1 Sap | 2 Businessobjects Business Intelligence Platform, Crystal Reports For Visual Studio | 2020-04-15 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. | |||||
| CVE-2020-6221 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-04-15 | 3.5 LOW | 5.4 MEDIUM |
| Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-6223 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-04-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. | |||||