Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-14 | CVE-2020-6227 | Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2: SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing the attacker to forge additional entries in GLF log files. | 7.5 |
2020-04-14 | CVE-2020-6219 | Deserialization of Untrusted Data vulnerability in SAP products: SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. | 8.8 |
2020-03-10 | CVE-2020-6209 | Missing Authorization vulnerability in SAP Disclosure Management 10.1: SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | 7.5 |
2020-03-10 | CVE-2020-6208 | Use After Free vulnerability in SAP Crystal Reports 4.1/4.2: SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. | 8.2 |
2020-03-10 | CVE-2020-6202 | Improper Input Validation vulnerability in SAP Netweaver Application Server Java: SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | 7.2 |
2020-03-10 | CVE-2020-6196 | Unspecified vulnerability in SAP Businessobjects Mobile 4.2: SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. | 7.5 |
2020-02-12 | CVE-2020-6192 | Improper Input Validation vulnerability in SAP Landscape Management 3.0: SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | 7.2 |
2020-02-12 | CVE-2020-6191 | Improper Input Validation vulnerability in SAP Landscape Management 3.0: SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | 7.2 |
2020-02-12 | CVE-2020-6188 | Missing Authorization vulnerability in SAP ERP and S/4 Hana: VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. | 8.8 |
2020-02-12 | CVE-2020-6186 | Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.21: SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | 7.5 |