Filtered by vendor Sap
Total: 1304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6276 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | |||||
CVE-2020-6281 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting. | |||||
CVE-2016-5845 | 1 Sap | 1 Sapcar | 2020-06-25 | 2.1 LOW | 5.5 MEDIUM |
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. | |||||
CVE-2020-6271 | 1 Sap | 1 Solution Manager | 2020-06-16 | 5.5 MEDIUM | 8.2 HIGH |
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). | |||||
CVE-2020-6268 | 1 Sap | 2 Erp (ea-finserv), Erp (s4core) | 2020-06-16 | 5.5 MEDIUM | 8.1 HIGH |
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. | |||||
CVE-2020-6266 | 1 Sap | 1 Fiori | 2020-06-16 | 4.9 MEDIUM | 5.4 MEDIUM |
SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | |||||
CVE-2020-6260 | 1 Sap | 1 Solution Manager | 2020-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist. | |||||
CVE-2020-6246 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2020-06-15 | 7.5 HIGH | 9.8 CRITICAL |
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | |||||
CVE-2020-6244 | 1 Sap | 1 Business Client | 2020-05-18 | 4.4 MEDIUM | 7.8 HIGH |
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | |||||
CVE-2020-6249 | 1 Sap | 3 Master Data Governance (s4core), Master Data Governance (s4fnd), Master Data Governance (sap Bs Fnd) | 2020-05-15 | 6.5 MEDIUM | 8.8 HIGH |
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | |||||
CVE-2020-6259 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | |||||
CVE-2020-6258 | 1 Sap | 1 Identity Management | 2020-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | |||||
CVE-2020-6253 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-15 | 6.5 MEDIUM | 7.2 HIGH |
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | |||||
CVE-2020-6257 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-05-14 | 3.5 LOW | 5.4 MEDIUM |
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | |||||
CVE-2020-6256 | 1 Sap | 1 Master Data Governance | 2020-05-14 | 4.0 MEDIUM | 4.3 MEDIUM |
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | |||||
CVE-2020-6254 | 1 Sap | 1 Enterprise Threat Detection | 2020-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | |||||
CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2020-05-14 | 6.5 MEDIUM | 8.8 HIGH |
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | |||||
CVE-2020-6245 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-05-14 | 4.6 MEDIUM | 6.7 MEDIUM |
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. | |||||
CVE-2020-6212 | 1 Sap | 2 Erp, S/4hana | 2020-05-08 | 5.5 MEDIUM | 5.4 MEDIUM |
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. |