Vulnerabilities > SAP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-6294 | Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform 4.2/4.3 Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | 9.1 |
| 2020-07-14 | CVE-2020-6287 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. | 10.0 |
| 2020-06-10 | CVE-2020-6275 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Abap SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. | 9.8 |
| 2020-05-12 | CVE-2020-6242 | Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | 9.8 |
| 2020-04-14 | CVE-2020-6238 | XXE vulnerability in SAP Commerce Cloud SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. | 9.3 |
| 2020-03-10 | CVE-2020-6207 | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. | 10.0 |
| 2020-02-12 | CVE-2020-6191 | Improper Input Validation vulnerability in SAP Landscape Management 3.0 SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | 9.0 |
| 2020-02-12 | CVE-2020-6192 | Improper Input Validation vulnerability in SAP Landscape Management 3.0 SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | 9.0 |
| 2020-01-23 | CVE-2013-1592 | Classic Buffer Overflow vulnerability in SAP Netweaver A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | 10.0 |
| 2019-07-10 | CVE-2019-0328 | OS Command Injection vulnerability in SAP Netweaver Process Integration ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. | 9.0 |