Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-14 | CVE-2020-6232 | Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905 SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. | 5.3 |
2020-04-14 | CVE-2020-6231 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2020-04-14 | CVE-2020-6230 | Unspecified vulnerability in SAP Orientdb 3.0 SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. | 7.2 |
2020-04-14 | CVE-2020-6229 | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-04-14 | CVE-2020-6228 | Improper Validation of Integrity Check Value vulnerability in SAP Business Client 6.5/7.0 SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. | 7.5 |
2020-04-14 | CVE-2020-6227 | Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | 7.5 |
2020-04-14 | CVE-2020-6226 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2020-04-14 | CVE-2020-6224 | Information Exposure Through Log Files vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | 6.2 |
2020-04-14 | CVE-2020-6223 | Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. | 6.1 |
2020-04-14 | CVE-2020-6222 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |