Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-09-09 CVE-2020-6321 Access of Uninitialized Pointer vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-824
6.5
2020-09-09 CVE-2020-6320 Unspecified vulnerability in SAP Marketing 130/140/150
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted.
network
low complexity
sap
8.1
2020-09-09 CVE-2020-6318 Code Injection vulnerability in SAP Abap Platform
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application.
network
low complexity
sap CWE-94
7.2
2020-09-09 CVE-2020-6314 Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-20
4.3
2020-09-09 CVE-2020-6313 Improper Encoding or Escaping of Output vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
network
low complexity
sap CWE-116
6.5
2020-09-09 CVE-2020-6312 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting.
network
low complexity
sap CWE-79
5.4
2020-09-09 CVE-2020-6302 Unspecified vulnerability in SAP Commerce
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially.
network
high complexity
sap
8.1
2020-09-09 CVE-2020-6288 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability.
network
low complexity
sap CWE-434
5.3
2020-09-09 CVE-2020-6283 Cross-site Scripting vulnerability in SAP Fiori Launchpad
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-08-12 CVE-2020-6310 Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
network
low complexity
sap
4.3