Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-15 CVE-2020-6323 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
network
low complexity
sap CWE-79
6.1
2020-10-15 CVE-2020-6319 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed.
network
low complexity
sap CWE-79
6.1
2020-10-15 CVE-2020-6272 Cross-site Scripting vulnerability in SAP Commerce Cloud
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components.
network
low complexity
sap CWE-79
5.4
2020-09-09 CVE-2020-6324 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim's browser leading to Reflected Cross Site Scripting.
network
low complexity
sap CWE-79
6.1
2020-09-09 CVE-2020-6311 Unspecified vulnerability in SAP products
Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals.
network
low complexity
sap
6.5
2020-09-09 CVE-2020-6361 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-787
4.3
2020-09-09 CVE-2020-6360 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-787
4.3
2020-09-09 CVE-2020-6359 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-787
4.3
2020-09-09 CVE-2020-6358 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-787
4.3
2020-09-09 CVE-2020-6357 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-787
4.3