Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. | 6.4 |
| 2020-12-09 | CVE-2020-26826 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50 Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload. | 6.5 |
| 2020-12-09 | CVE-2020-26816 | Cleartext Storage of Sensitive Information vulnerability in SAP Netweaver Application Server Java SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. | 4.5 |
| 2020-11-30 | CVE-2020-6317 | Information Exposure Through Log Files vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. | 3.5 |
| 2020-11-13 | CVE-2020-26825 | Cross-site Scripting vulnerability in SAP Fiori Launchpad (News Tile Application) SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-11-10 | CVE-2020-6316 | Missing Authorization vulnerability in SAP ERP and S/4Hana SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | 4.3 |
| 2020-11-10 | CVE-2020-26824 | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service. | 10.0 |
| 2020-11-10 | CVE-2020-26823 | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service. | 10.0 |
| 2020-11-10 | CVE-2020-26822 | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. | 10.0 |
| 2020-11-10 | CVE-2020-26821 | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service. | 10.0 |