Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-12-09 CVE-2020-26828 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type.
network
low complexity
sap CWE-434
6.4
2020-12-09 CVE-2020-26826 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
network
low complexity
sap CWE-434
6.5
2020-12-09 CVE-2020-26816 Cleartext Storage of Sensitive Information vulnerability in SAP Netweaver Application Server Java
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores the key material held in the SAP NetWeaver AS Java Key Storage service in the database in DER-encoded format, and this key material is not encrypted.
low complexity
sap CWE-312
4.5
2020-11-30 CVE-2020-6317 Information Exposure Through Log Files vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files.
low complexity
sap CWE-532
3.5
2020-11-13 CVE-2020-26825 Cross-site Scripting vulnerability in SAP Fiori Launchpad (News Tile Application)
SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to use the SAP Fiori Launchpad News tile Application to send malicious code to a different end user (victim), because News tile does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-11-10 CVE-2020-6316 Missing Authorization vulnerability in SAP ERP and S/4Hana
SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records of objects for which the user has no authorization in PS reporting, because of a missing authorization check.
network
low complexity
sap CWE-862
4.3
2020-11-10 CVE-2020-26824 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service; this has an impact on the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
10.0
2020-11-10 CVE-2020-26823 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service; this has an impact on the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
10.0
2020-11-10 CVE-2020-26822 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service; this has an impact on the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
10.0
2020-11-10 CVE-2020-26821 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service; this has an impact on the integrity and availability of the service.
network
low complexity
sap CWE-306
critical
10.0