Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-10-15 CVE-2020-6375 Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
local
low complexity
sap CWE-20
5.5
2020-10-15 CVE-2020-6374 Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
local
low complexity
sap CWE-125
7.8
2020-10-15 CVE-2020-6373 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
local
low complexity
sap CWE-787
7.8
2020-10-15 CVE-2020-6372 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
local
low complexity
sap CWE-787
7.8
2020-10-15 CVE-2020-6371 Unspecified vulnerability in SAP Netweaver Application Server Abap
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.
network
low complexity
sap
4.3
2020-10-15 CVE-2020-6368 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
network
low complexity
sap CWE-79
5.4
2020-10-15 CVE-2020-6364 OS Command Injection vulnerability in SAP Introscope Enterprise Manager
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection.
network
low complexity
sap CWE-78
critical
10.0
2020-10-15 CVE-2020-6363 Insufficient Session Expiration vulnerability in SAP Commerce Cloud
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user.
network
low complexity
sap CWE-613
4.6
2020-10-15 CVE-2020-6323 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
network
low complexity
sap CWE-79
6.1
2020-10-15 CVE-2020-6319 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed.
network
low complexity
sap CWE-79
6.1