Filtered by vendor Sap
Subscriptions
Total
1586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6300 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.8 Medium |
| SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6299 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 4.3 Medium |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | ||||
| CVE-2020-6298 | 1 Sap | 1 Generic Market Data | 2024-11-21 | 8.1 High |
| SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | ||||
| CVE-2020-6297 | 1 Sap | 1 Data Intelligence | 2024-11-21 | 4.4 Medium |
| Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure. | ||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 8.8 High |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | ||||
| CVE-2020-6295 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 7.8 High |
| Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | ||||
| CVE-2020-6294 | 2 Opengroup, Sap | 2 Unix, Businessobjects Business Intelligence Platform | 2024-11-21 | 9.1 Critical |
| Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2020-6293 | 1 Sap | 1 Netweaver Knowledge Management | 2024-11-21 | 6.5 Medium |
| SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload. | ||||
| CVE-2020-6292 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High |
| Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration. | ||||
| CVE-2020-6291 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High |
| SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration | ||||
| CVE-2020-6290 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.3 Medium |
| SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | ||||
| CVE-2020-6289 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High |
| SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site. | ||||
| CVE-2020-6288 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.3 Medium |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed. | ||||
| CVE-2020-6286 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.3 Medium |
| The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. | ||||
| CVE-2020-6285 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.5 Medium |
| SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | ||||
| CVE-2020-6284 | 1 Sap | 1 Netweaver Knowledge Management | 2024-11-21 | 9.0 Critical |
| SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. | ||||
| CVE-2020-6283 | 1 Sap | 1 Fiori Launchpad | 2024-11-21 | 6.1 Medium |
| SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session. | ||||
| CVE-2020-6282 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.8 Medium |
| SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. | ||||
| CVE-2020-6281 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.1 Medium |
| SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting. | ||||
| CVE-2020-6280 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2024-11-21 | 2.7 Low |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. | ||||