Vulnerabilities > SAP > Abap Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-29110 Cross-site Scripting vulnerability in SAP products
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags.
network
low complexity
sap CWE-79
5.4
2023-04-11 CVE-2023-29109 Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP products
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection.
network
low complexity
sap CWE-1236
4.6
2023-03-14 CVE-2023-25615 SQL Injection vulnerability in SAP Abap Platform
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data.
network
low complexity
sap CWE-89
4.9
2020-08-12 CVE-2020-6310 Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
network
low complexity
sap
4.3
2020-08-12 CVE-2020-6299 Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
network
low complexity
sap
4.3
2020-02-12 CVE-2020-6181 Unspecified vulnerability in SAP Abap Platform and Netweaver
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
network
low complexity
sap
5.8