Filtered by vendor Sap
Total: 1493 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2020-6301 | 1 Sap | 1 Hcm Travel Management | 2024-08-04 | 8.1 High | SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. |
CVE-2020-6285 | 1 Sap | 1 Netweaver | 2024-08-04 | 6.5 Medium | SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. |
CVE-2020-6312 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.4 Medium | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties to modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. |
CVE-2020-6303 | 1 Sap | 1 Disclosure Management | 2024-08-04 | 5.4 Medium | SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. |
CVE-2020-6302 | 1 Sap | 1 Commerce | 2024-08-04 | 8.1 High | SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application. |
CVE-2020-6232 | 1 Sap | 1 Commerce Cloud | 2024-08-04 | 5.3 Medium | SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media. |
CVE-2020-6307 | 1 Sap | 1 Basis | 2024-08-04 | 4.3 Medium | Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. |
CVE-2020-6331 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-04 | 4.3 Medium | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. |
CVE-2020-6322 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-04 | 4.3 Medium | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. |
CVE-2020-6290 | 1 Sap | 1 Disclosure Management | 2024-08-04 | 6.3 Medium | SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. |
CVE-2020-6333 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-04 | 4.3 Medium | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. |
CVE-2020-6315 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-04 | 5.5 Medium | SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. |
CVE-2020-6317 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-04 | 3.5 Low | In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. |
CVE-2020-6276 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 6.1 Medium | SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. |
CVE-2020-6270 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-04 | 6.5 Medium | SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. |
CVE-2020-6328 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-04 | 4.3 Medium | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. |
CVE-2020-6278 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.4 Medium | SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross Site Scripting. |
CVE-2020-6326 | 1 Sap | 1 Netweaver Knowledge Management | 2024-08-04 | 5.4 Medium | SAP NetWeaver (Knowledge Management), versions 7.30, 7.31, 7.40, 7.50, allows an authenticated attacker to create malicious links in the UI which, when clicked by a victim, execute arbitrary JavaScript, thus extracting or modifying information otherwise restricted, leading to Stored Cross Site Scripting. |
CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-04 | 7.2 High | Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. |
CVE-2020-6244 | 1 Sap | 1 Business Client | 2024-08-04 | 7.8 High | SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. |