Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-10 | CVE-2020-26818 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. | 8.8 |
2020-11-10 | CVE-2020-26817 | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-11-10 | CVE-2020-26815 | Server-Side Request Forgery (SSRF) vulnerability in SAP Fiori Launchpad (News Tile Application) SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. | 8.6 |
2020-11-10 | CVE-2020-26810 | Unspecified vulnerability in SAP Commerce Cloud (Accelerator Payment Mock) SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. | 7.5 |
2020-11-10 | CVE-2020-26808 | Unspecified vulnerability in SAP AS Abap(Dmis) and SAP S4 Hana(Dmis) SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application. | 7.2 |
2020-10-15 | CVE-2020-6374 | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-10-15 | CVE-2020-6373 | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-10-15 | CVE-2020-6372 | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-09-09 | CVE-2020-6320 | Unspecified vulnerability in SAP Marketing 130/140/150 SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. | 8.1 |
2020-09-09 | CVE-2020-6318 | Code Injection vulnerability in SAP Abap Platform A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. | 7.2 |