Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6294 | 2 Opengroup, Sap | 2 Unix, Businessobjects Business Intelligence Platform | 2024-08-04 | 9.1 Critical |
| Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2020-6263 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 9.8 Critical |
| Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | ||||
| CVE-2020-6271 | 1 Sap | 1 Solution Manager | 2024-08-04 | 8.2 High |
| SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). | ||||
| CVE-2020-6239 | 1 Sap | 1 Business One | 2024-08-04 | 4.4 Medium |
| Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | ||||
| CVE-2020-6284 | 1 Sap | 1 Netweaver Knowledge Management | 2024-08-04 | 9.0 Critical |
| SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. | ||||
| CVE-2020-6233 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-08-04 | 4.3 Medium |
| SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system. | ||||
| CVE-2020-6252 | 1 Sap | 1 Adaptive Server Enterprise Cockpit | 2024-08-04 | 8.0 High |
| Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. | ||||
| CVE-2020-6219 | 1 Sap | 2 Businessobjects Business Intelligence Platform, Crystal Reports For Visual Studio | 2024-08-04 | 8.8 High |
| SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. | ||||
| CVE-2020-6299 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-08-04 | 4.3 Medium |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | ||||
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2024-08-04 | 5.4 Medium |
| SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | ||||
| CVE-2020-6272 | 1 Sap | 1 Commerce Cloud | 2024-08-04 | 5.4 Medium |
| SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6304 | 1 Sap | 5 Netweaver Internet Communication Manager \(kernel\), Netweaver Internet Communication Manager \(krnl32nuc\), Netweaver Internet Communication Manager \(krnl32uc\) and 2 more | 2024-08-04 | 7.5 High |
| Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | ||||
| CVE-2020-6327 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-04 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6282 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 5.8 Medium |
| SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. | ||||
| CVE-2020-6310 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-08-04 | 4.3 Medium |
| Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | ||||
| CVE-2020-6246 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6228 | 1 Sap | 1 Business Client | 2024-08-04 | 7.5 High |
| SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. | ||||
| CVE-2020-6183 | 1 Sap | 1 Host Agent | 2024-08-04 | 6.5 Medium |
| SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability. | ||||
| CVE-2020-6250 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-04 | 6.8 Medium |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. | ||||
| CVE-2020-6227 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 7.5 High |
| SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | ||||