Vulnerabilities > SAP > High

DATE | CVE | VULNERABILITY TITLE | RISK

2020-06-10 | CVE-2020-6263 | Improper Authentication vulnerability in SAP Netweaver Application Server Java
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity, leading to Authentication Bypass.
Risk: network, low complexity, sap CWE-287, 7.5

2020-06-09 | CVE-2020-6265 | Use of Hard-coded Credentials vulnerability in SAP Commerce and Commerce Data HUB
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.
Risk: network, low complexity, sap CWE-798, 7.5

2020-05-12 | CVE-2020-6240 | Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, leading to Denial of Service.
Risk: network, low complexity, sap, 7.5

2020-03-10 | CVE-2020-6198 | Improper Authentication vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources.
Risk: network, low complexity, sap CWE-287, 7.5

2020-02-05 | CVE-2011-1517 | Remote Code Execution and Denial of Service vulnerability in SAP Netweaver 7.0
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function.
Risk: network, low complexity, sap, 7.5

2019-12-11 | CVE-2019-0403 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 1902/1908
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
Risk: network, low complexity, sap CWE-1236, 7.5

2019-09-10 | CVE-2019-0365 | Unspecified vulnerability in SAP products
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Risk: network, low complexity, sap, 7.8

2019-09-10 | CVE-2019-0357 | Unspecified vulnerability in SAP Hana 1.0/2.0
The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.
Risk: local, low complexity, sap, 7.2

2019-06-12 | CVE-2019-0304 | Code Injection vulnerability in SAP products
FTP Function of SAP NetWeaver AS ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or a specifically manipulated command that can be executed by the application.
Risk: network, low complexity, sap CWE-94, 7.5

2019-02-15 | CVE-2019-0261 | Missing Authentication for Critical Function vulnerability in SAP Landscape Management 3.0
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users.
Risk: network, low complexity, sap CWE-306, 7.5