Vulnerabilities > SAP > Netweaver Application Server Abap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26835 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-10-15 | CVE-2020-6371 | Unspecified vulnerability in SAP Netweaver Application Server Abap User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | 4.3 |
| 2020-08-12 | CVE-2020-6310 | Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | 4.3 |
| 2020-08-12 | CVE-2020-6299 | Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | 4.3 |
| 2020-06-10 | CVE-2020-6270 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | 6.5 |
| 2019-07-10 | CVE-2019-0321 | Cross-site Scripting vulnerability in SAP products ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |