Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-6247 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
7.5
2020-05-12 CVE-2020-6245 Injection vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
local
low complexity
sap CWE-74
6.7
2020-05-12 CVE-2020-6244 Uncontrolled Search Path Element vulnerability in SAP Business Client 7.0
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element.
local
low complexity
sap CWE-427
7.8
2020-05-12 CVE-2020-6243 Code Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.
network
low complexity
sap CWE-94
8.8
2020-05-12 CVE-2020-6242 Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
network
low complexity
sap CWE-306
critical
9.8
2020-05-12 CVE-2020-6241 SQL Injection vulnerability in SAP Adaptive Server Enterprise 16.0
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
network
low complexity
sap CWE-89
8.8
2020-05-12 CVE-2020-6240 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service
network
low complexity
sap
7.5
2020-04-24 CVE-2020-6213 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.
network
low complexity
sap CWE-79
6.1
2020-04-24 CVE-2020-6212 Missing Authorization vulnerability in SAP ERP and S/4Hana
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.4
2020-04-14 CVE-2020-6225 Path Traversal vulnerability in SAP products
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
network
low complexity
sap CWE-22
8.8