Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-12 | CVE-2020-6191 | Improper Input Validation vulnerability in SAP Landscape Management 3.0 SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | 7.2 |
2020-02-12 | CVE-2020-6190 | Information Exposure vulnerability in SAP Netweaver Application Server Java Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. | 5.8 |
2020-02-12 | CVE-2020-6189 | Information Exposure Through an Error Message vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. | 5.3 |
2020-02-12 | CVE-2020-6188 | Missing Authorization vulnerability in SAP ERP and S/4 Hana VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. | 8.8 |
2020-02-12 | CVE-2020-6187 | XXE vulnerability in SAP Netweaver Guided Procedures SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. | 4.9 |
2020-02-12 | CVE-2020-6186 | Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.21 SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | 7.5 |
2020-02-12 | CVE-2020-6185 | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. | 5.4 |
2020-02-12 | CVE-2020-6184 | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-02-12 | CVE-2020-6183 | Missing Authorization vulnerability in SAP Host Agent 7.21 SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. | 6.5 |
2020-02-12 | CVE-2020-6181 | Unspecified vulnerability in SAP Abap Platform and Netweaver Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. | 5.8 |