Vulnerabilities > SAP > High

DATE | CVE | VULNERABILITY TITLE | RISK

2020-04-14 | CVE-2020-6227 | Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 | 7.5
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing the attacker to forge additional entries in GLF log files.
Attack vector: network; complexity: low; vendor: sap; CWE-116

2020-04-14 | CVE-2020-6219 | Deserialization of Untrusted Data vulnerability in SAP products | 8.8
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform a deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.
Attack vector: network; complexity: low; vendor: sap; CWE-502

2020-03-10 | CVE-2020-6209 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 | 7.5
SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check.
Attack vector: network; complexity: high; vendor: sap; CWE-862

2020-03-10 | CVE-2020-6208 | Use After Free vulnerability in SAP Crystal Reports 4.1/4.2 | 8.2
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application, thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution.
Attack vector: local; complexity: low; vendor: sap; CWE-416

2020-03-10 | CVE-2020-6202 | Improper Input Validation vulnerability in SAP Netweaver Application Server Java | 7.2
SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
Attack vector: network; complexity: low; vendor: sap; CWE-20

2020-03-10 | CVE-2020-6196 | Unspecified vulnerability in SAP Businessobjects Mobile 4.2 | 7.5
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests that block all the threads, resulting in a Denial of Service.
Attack vector: network; complexity: low; vendor: sap

2020-02-12 | CVE-2020-6192 | Improper Input Validation vulnerability in SAP Landscape Management 3.0 | 7.2
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
Attack vector: network; complexity: low; vendor: sap; CWE-20

2020-02-12 | CVE-2020-6191 | Improper Input Validation vulnerability in SAP Landscape Management 3.0 | 7.2
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
Attack vector: network; complexity: low; vendor: sap; CWE-20

2020-02-12 | CVE-2020-6188 | Missing Authorization vulnerability in SAP ERP and S/4 Hana | 8.8
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, leading to Missing Authorization Check.
Attack vector: network; complexity: low; vendor: sap; CWE-862

2020-02-12 | CVE-2020-6186 | Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.21 | 7.5
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.
Attack vector: network; complexity: low; vendor: sap; CWE-306