Filtered by vendor Sap
Subscriptions
Total
1502 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6272 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 5.4 Medium |
| SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-6271 | 1 Sap | 1 Solution Manager | 2024-11-21 | 8.2 High |
| SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). | ||||
| CVE-2020-6270 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6.5 Medium |
| SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | ||||
| CVE-2020-6269 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.5 Medium |
| Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | ||||
| CVE-2020-6268 | 1 Sap | 2 Erp \(ea-finserv\), Erp \(s4core\) | 2024-11-21 | 8.1 High |
| Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. | ||||
| CVE-2020-6267 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 5.4 Medium |
| Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | ||||
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2024-11-21 | 5.4 Medium |
| SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | ||||
| CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2024-11-21 | 9.8 Critical |
| SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | ||||
| CVE-2020-6264 | 1 Sap | 1 Commerce | 2024-11-21 | 7.5 High |
| SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. | ||||
| CVE-2020-6263 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 9.8 Critical |
| Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | ||||
| CVE-2020-6262 | 1 Sap | 1 Application Server | 2024-11-21 | 8.8 High |
| Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection. | ||||
| CVE-2020-6261 | 1 Sap | 1 Solution Manager | 2024-11-21 | 5.3 Medium |
| SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired. | ||||
| CVE-2020-6260 | 1 Sap | 1 Solution Manager | 2024-11-21 | 5.3 Medium |
| SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist. | ||||
| CVE-2020-6259 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 Medium |
| Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | ||||
| CVE-2020-6258 | 1 Sap | 1 Identity Management | 2024-11-21 | 6.5 Medium |
| SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | ||||
| CVE-2020-6257 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | ||||
| CVE-2020-6256 | 1 Sap | 1 Master Data Governance | 2024-11-21 | 4.3 Medium |
| SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | ||||
| CVE-2020-6254 | 1 Sap | 1 Enterprise Threat Detection | 2024-11-21 | 6.1 Medium |
| SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | ||||
| CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 7.2 High |
| Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | ||||
| CVE-2020-6252 | 1 Sap | 1 Adaptive Server Enterprise Cockpit | 2024-11-21 | 8.0 High |
| Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. | ||||