Vulnerabilities > SAP

DATE | CVE | VULNERABILITY TITLE | RISK

2020-04-14 | CVE-2020-6217 | Cross-site Scripting vulnerability in SAP NetWeaver AS ABAP Business Server Pages | 6.1
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability.
Attack vector: network; attack complexity: low; vendor: sap; CWE-79

2020-04-14 | CVE-2020-6215 | Open Redirect vulnerability in SAP NetWeaver AS ABAP Business Server Pages | 6.1
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
Attack vector: network; attack complexity: low; vendor: sap; CWE-601

2020-04-14 | CVE-2020-6211 | Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 | 6.1
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
Attack vector: network; attack complexity: low; vendor: sap; CWE-601

2020-04-14 | CVE-2020-6195 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 | 9.8 (critical)
SAP Business Objects Business Intelligence Platform (CMC), versions 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure.
Attack vector: network; attack complexity: low; vendor: sap; CWE-522

2020-04-14 | CVE-2020-6238 | XXE vulnerability in SAP Commerce Cloud | 9.3 (critical)
SAP Commerce, versions 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation.
Attack vector: network; attack complexity: low; vendor: sap; CWE-611

2020-04-14 | CVE-2020-6237 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 | 7.5
Under certain conditions, SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
Attack vector: network; attack complexity: low; vendor: sap

2020-04-14 | CVE-2020-6236 | Improper Privilege Management vulnerability in SAP Adaptive Extensions and Landscape Management | 7.2
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allow an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely.
Attack vector: network; attack complexity: low; vendor: sap; CWE-269

2020-04-14 | CVE-2020-6235 | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.2 | 8.6
SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.
Attack vector: network; attack complexity: low; vendor: sap; CWE-306

2020-04-14 | CVE-2020-6234 | Unspecified vulnerability in SAP Host Agent 7.21 | 7.2
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
Attack vector: network; attack complexity: low; vendor: sap

2020-04-14 | CVE-2020-6233 | Missing Authorization vulnerability in SAP products | 4.3
SAP S/4 HANA (Financial Products Subledger and Banking Services), versions FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.
Attack vector: network; attack complexity: low; vendor: sap; CWE-862