Vulnerabilities > SAP

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-02-12 | CVE-2020-6177 | Improper Input Validation vulnerability in SAP Mobile Platform 3.0 | SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. | network, low complexity, sap, CWE-20, 4.3 |
| 2020-02-05 | CVE-2011-1517 | Unspecified vulnerability in SAP Netweaver 7.0 | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. | network, low complexity, sap, critical, 9.8 |
| 2020-01-23 | CVE-2013-1593 | Improper Validation of Array Index vulnerability in SAP Netweaver | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. | network, low complexity, sap, CWE-129, 7.5 |
| 2020-01-23 | CVE-2013-1592 | Classic Buffer Overflow vulnerability in SAP Netweaver | A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | network, low complexity, sap, CWE-120, critical, 9.8 |
| 2020-01-14 | CVE-2020-6307 | Incorrect Authorization vulnerability in SAP Basis | Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | network, low complexity, sap, CWE-863, 4.3 |
| 2020-01-14 | CVE-2020-6306 | Missing Authorization vulnerability in SAP Leasing | Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17). | network, low complexity, sap, CWE-862, 2.7 |
| 2020-01-14 | CVE-2020-6305 | Cross-site Scripting vulnerability in SAP Process Integration 7.31/7.40/7.50 | PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | network, low complexity, sap, CWE-79, 6.1 |
| 2020-01-14 | CVE-2020-6304 | Improper Input Validation vulnerability in SAP products | Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | network, low complexity, sap, CWE-20, 7.5 |
| 2020-01-14 | CVE-2020-6303 | Cross-site Scripting vulnerability in SAP Disclosure Management | SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | network, low complexity, sap, CWE-79, 5.4 |
| 2019-12-17 | CVE-2019-0384 | Incorrect Authorization vulnerability in SAP products | Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | network, low complexity, sap, CWE-863, 8.8 |