Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6222 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6217 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6185 | 1 Sap | 2 Netweaver, S\/4hana | 2024-08-04 | 5.4 Medium |
| Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. | ||||
| CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2024-08-04 | 9.8 Critical |
| SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | ||||
| CVE-2020-6193 | 1 Sap | 1 Netweaver Knowledge Management | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6184 | 1 Sap | 2 Netweaver, S\/4hana | 2024-08-04 | 6.1 Medium |
| Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6204 | 1 Sap | 2 Treasury And Risk Management \(ea-finserv\), Treasury And Risk Management \(s4core\) | 2024-08-04 | 4.3 Medium |
| The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check. | ||||
| CVE-2020-6218 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.0 Medium |
| Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure. | ||||
| CVE-2020-6201 | 1 Sap | 1 Commerce Cloud | 2024-08-04 | 6.1 Medium |
| The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting. | ||||
| CVE-2020-6181 | 1 Sap | 2 Abap Platform, Netweaver | 2024-08-04 | 5.8 Medium |
| Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. | ||||
| CVE-2020-6207 | 1 Sap | 1 Solution Manager | 2024-08-04 | 9.8 Critical |
| SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. | ||||
| CVE-2020-6189 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.3 Medium |
| Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. | ||||
| CVE-2020-6196 | 1 Sap | 1 Businessobjects Mobile | 2024-08-04 | 7.5 High |
| SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. | ||||
| CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2024-08-04 | 7.2 High |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | ||||
| CVE-2020-6221 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.4 Medium |
| Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | ||||
| CVE-2020-6199 | 1 Sap | 1 Erp | 2024-08-04 | 5.4 Medium |
| The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check. | ||||
| CVE-2020-6213 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. | ||||
| CVE-2020-6192 | 1 Sap | 1 Landscape Management | 2024-08-04 | 7.2 High |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | ||||
| CVE-2020-6212 | 1 Sap | 2 Erp, S\/4hana | 2024-08-04 | 5.4 Medium |
| Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. | ||||