Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-20 | CVE-2020-6362 | Incorrect Authorization vulnerability in SAP Banking Services 500: SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. | 6.5 |
2020-10-20 | CVE-2020-6315 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9: SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send a manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. | 5.5 |
2020-10-20 | CVE-2020-6308 | Server-Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform 4.1/4.2/4.3: SAP BusinessObjects Business Intelligence Platform (Web Services), versions 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. | 5.3 |
2020-10-15 | CVE-2020-6365 | Open Redirect vulnerability in SAP NetWeaver Application Server Java: The Start Page of SAP NetWeaver AS Java, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. | 6.1 |
2020-10-15 | CVE-2020-6376 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9: SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated Right Hemisphere Binary (.rh) file received from untrusted sources, which crashes the application and leaves it temporarily unavailable until the user restarts it; this is caused by Improper Input Validation. | 5.5 |
2020-10-15 | CVE-2020-6375 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9: SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources, which crashes the application and leaves it temporarily unavailable until the user restarts it; this is caused by Improper Input Validation. | 5.5 |
2020-10-15 | CVE-2020-6371 | Unspecified vulnerability in SAP NetWeaver Application Server ABAP: A user enumeration vulnerability can be exploited to get a list of user accounts, and personal user information can be exposed, in SAP NetWeaver Application Server ABAP (POWL test application), versions 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | 4.3 |
2020-10-15 | CVE-2020-6368 | Cross-site Scripting vulnerability in SAP Business Planning and Consolidation: SAP Business Planning and Consolidation, versions 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting. | 5.4 |
2020-10-15 | CVE-2020-6363 | Insufficient Session Expiration vulnerability in SAP Commerce Cloud: SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. | 4.6 |
2020-10-15 | CVE-2020-6323 | Cross-site Scripting vulnerability in SAP NetWeaver Enterprise Portal 7.31/7.40/7.50: SAP NetWeaver Enterprise Portal (Fiori Framework Page), versions 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that is both reflected immediately and persisted and returned on further access to the system, resulting in Cross Site Scripting. | 6.1 |