Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-6309 Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.
network
low complexity
sap CWE-306
7.5
2020-08-12 CVE-2020-6301 Missing Authorization vulnerability in SAP HCM Travel Management
SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.
network
low complexity
sap CWE-862
8.1
2020-08-12 CVE-2020-6300 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2/4.3
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
4.8
2020-08-12 CVE-2020-6299 Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
network
low complexity
sap
4.3
2020-08-12 CVE-2020-6298 Missing Authorization vulnerability in SAP Generic Market Data 400/450/500
SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.
network
low complexity
sap CWE-862
8.1
2020-08-12 CVE-2020-6297 Unspecified vulnerability in SAP Data Intelligence 3.0
Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure.
local
low complexity
sap
4.4
2020-08-12 CVE-2020-6296 Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection.
network
low complexity
sap
8.8
2020-08-12 CVE-2020-6295 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Adaptive Server Enterprise 16.0
Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit.
local
low complexity
sap CWE-732
7.8
2020-08-12 CVE-2020-6294 Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform 4.2/4.3
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
critical
9.1
2020-08-12 CVE-2020-6293 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Knowledge Management
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
network
low complexity
sap CWE-434
6.5