Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-10 | CVE-2020-6263 | Improper Authentication vulnerability in SAP Netweaver Application Server Java. Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | 7.5 |
2020-06-09 | CVE-2020-6265 | Use of Hard-coded Credentials vulnerability in SAP Commerce and Commerce Data HUB. SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | 7.5 |
2020-05-12 | CVE-2020-6240 | Unspecified vulnerability in SAP Netweaver Application Server Abap. SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service. | 7.5 |
2020-03-10 | CVE-2020-6198 | Improper Authentication vulnerability in SAP Solution Manager 7.20. SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. | 7.5 |
2020-02-05 | CVE-2011-1517 | Remote Code Execution and Denial of Service vulnerability in SAP Netweaver 7.0. SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. | 7.5 |
2019-12-11 | CVE-2019-0403 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 1902/1908. SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 7.5 |
2019-09-10 | CVE-2019-0365 | Unspecified vulnerability in SAP products. SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.8 |
2019-09-10 | CVE-2019-0357 | Unspecified vulnerability in SAP Hana 1.0/2.0. The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | 7.2 |
2019-06-12 | CVE-2019-0304 | Code Injection vulnerability in SAP products. FTP Function of SAP NetWeaver AS ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. | 7.5 |
2019-02-15 | CVE-2019-0261 | Missing Authentication for Critical Function vulnerability in SAP Landscape Management 3.0. Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. | 7.5 |