Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-10 | CVE-2020-6271 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Solution Manager 7.2: SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). | 8.2 |
2020-06-10 | CVE-2020-6268 | Missing Authorization vulnerability in SAP ERP (Ea-Finserv) and ERP (S4Core): Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. | 8.1 |
2020-06-10 | CVE-2020-6264 | Unspecified vulnerability in SAP Commerce: SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. | 7.5 |
2020-05-12 | CVE-2020-6262 | Code Injection vulnerability in SAP Application Server: Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. | 8.8 |
2020-05-12 | CVE-2020-6253 | SQL Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0: Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | 7.2 |
2020-05-12 | CVE-2020-6252 | Unspecified vulnerability in SAP Adaptive Server Enterprise Cockpit 16.0: Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. | 8.0 |
2020-05-12 | CVE-2020-6249 | SQL Injection vulnerability in SAP products: The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | 8.8 |
2020-05-12 | CVE-2020-6248 | Improper Input Validation vulnerability in SAP Adaptive Server Enterprise Backup Server 16.0: SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. | 7.2 |
2020-05-12 | CVE-2020-6247 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2: SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. | 7.5 |
2020-05-12 | CVE-2020-6244 | Uncontrolled Search Path Element vulnerability in SAP Business Client 7.0: SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. | 7.8 |