Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-12 | CVE-2021-21449 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 6.8 |
| 2020-12-09 | CVE-2020-26837 | Path Traversal vulnerability in SAP Solution Manager 7.20 SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable. | 6.5 |
| 2020-12-09 | CVE-2020-26836 | Open Redirect vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack. | 5.8 |
| 2020-12-09 | CVE-2020-26835 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-12-09 | CVE-2020-26834 | Improper Authentication vulnerability in SAP Hana Database 2.00 SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. | 5.5 |
| 2020-12-09 | CVE-2020-26831 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). | 5.5 |
| 2020-12-09 | CVE-2020-26830 | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. | 5.5 |
| 2020-12-09 | CVE-2020-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. | 5.5 |
| 2020-12-09 | CVE-2020-26826 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50 Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload. | 4.0 |
| 2020-11-13 | CVE-2020-26825 | Cross-site Scripting vulnerability in SAP Fiori Launchpad (News Tile Application) SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 4.3 |