Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2020-6232 Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905
SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.3
2020-04-14 CVE-2020-6231 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2020-04-14 CVE-2020-6230 Unspecified vulnerability in SAP Orientdb 3.0
SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection.
network
low complexity
sap
7.2
2020-04-14 CVE-2020-6229 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-04-14 CVE-2020-6228 Improper Validation of Integrity Check Value vulnerability in SAP Business Client 6.5/7.0
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
network
low complexity
sap CWE-354
7.5
2020-04-14 CVE-2020-6227 Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.
network
low complexity
sap CWE-116
7.5
2020-04-14 CVE-2020-6226 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2020-04-14 CVE-2020-6224 Information Exposure Through Log Files vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.
network
low complexity
sap CWE-532
6.2
2020-04-14 CVE-2020-6223 Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content.
network
low complexity
sap CWE-601
6.1
2020-04-14 CVE-2020-6222 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4