Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2020-6237 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap
7.5
2020-04-14 CVE-2020-6236 Improper Privilege Management vulnerability in SAP Adaptive Extensions and Landscape Management
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely.
network
low complexity
sap CWE-269
7.2
2020-04-14 CVE-2020-6235 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.2
SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.
network
low complexity
sap CWE-306
8.6
2020-04-14 CVE-2020-6234 Unspecified vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
network
low complexity
sap
7.2
2020-04-14 CVE-2020-6233 Missing Authorization vulnerability in SAP products
SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.
network
low complexity
sap CWE-862
4.3
2020-04-14 CVE-2020-6232 Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905
SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.3
2020-04-14 CVE-2020-6231 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2020-04-14 CVE-2020-6230 Unspecified vulnerability in SAP Orientdb 3.0
SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection.
network
low complexity
sap
7.2
2020-04-14 CVE-2020-6229 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-04-14 CVE-2020-6228 Improper Validation of Integrity Check Value vulnerability in SAP Business Client 6.5/7.0
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
network
low complexity
sap CWE-354
7.5