Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-6246 | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-06-10 | CVE-2020-6239 | Insufficiently Protected Credentials vulnerability in SAP Business ONE 10.0/9.3 Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | 4.4 |
| 2020-06-09 | CVE-2020-6265 | Use of Hard-coded Credentials vulnerability in SAP Commerce and Commerce Data HUB SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | 9.8 |
| 2020-05-12 | CVE-2020-6262 | Code Injection vulnerability in SAP Application Server Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. | 8.8 |
| 2020-05-12 | CVE-2020-6259 | Missing Authorization vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | 6.5 |
| 2020-05-12 | CVE-2020-6258 | Missing Authorization vulnerability in SAP Identity Management 8.0 SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | 6.5 |
| 2020-05-12 | CVE-2020-6257 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 5.4 |
| 2020-05-12 | CVE-2020-6256 | Missing Authorization vulnerability in SAP Master Data Governance SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | 4.3 |
| 2020-05-12 | CVE-2020-6254 | Cross-site Scripting vulnerability in SAP Enterprise Threat Detection 1.0/2.0 SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | 6.1 |
| 2020-05-12 | CVE-2020-6253 | SQL Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | 7.2 |