Vulnerabilities > SAP > Medium

DATE | CVE | VULNERABILITY TITLE | RISK
(each entry is followed by its description and its tags)
2020-11-10 | CVE-2020-26809 | Incorrect Default Permissions vulnerability in SAP Commerce Cloud | Risk: 5.0
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, hence gaining access to Secure Media folders.
Tags: network, low complexity, sap, CWE-276
2020-11-10 | CVE-2020-26808 | Unspecified vulnerability in SAP AS ABAP (DMIS) and SAP S4 HANA (DMIS) | Risk: 6.5
SAP AS ABAP (DMIS), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020, and SAP S4 HANA (DMIS), versions 101, 102, 103, 104, 105, allow an authenticated attacker to inject arbitrary code into a function module, leading to code injection that can be executed in the application, which affects the confidentiality, availability and integrity of the application.
Tags: network, low complexity, sap
2020-10-20 | CVE-2020-6369 | Unspecified vulnerability in SAP Focused Run and Solution Manager | Risk: 4.3
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow unauthenticated attackers to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service.
Tags: network, sap
2020-10-20 | CVE-2020-6367 | Cross-site Scripting vulnerability in SAP NetWeaver Composite Application Framework | Risk: 4.3
There is a reflected cross-site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions 7.20, 7.30, 7.31, 7.40, 7.50.
Tags: network, sap, CWE-79
2020-10-20 | CVE-2020-6366 | Improper Input Validation vulnerability in SAP NetWeaver Compare Systems | Risk: 5.5
SAP NetWeaver (Compare Systems), versions 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents.
Tags: network, low complexity, sap, CWE-20
2020-10-20 | CVE-2020-6362 | Incorrect Authorization vulnerability in SAP Banking Services 500 | Risk: 6.8
SAP Banking Services, version 500, uses an incorrect authorization object in some of its reports.
Tags: network, low complexity, sap, CWE-863
2020-10-20 | CVE-2020-6315 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 | Risk: 4.3
SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send a manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, resulting in Information Disclosure.
Tags: network, sap
2020-10-20 | CVE-2020-6308 | Server-Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform 4.1/4.2/4.3 | Risk: 5.0
SAP BusinessObjects Business Intelligence Platform (Web Services), versions 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally.
Tags: network, low complexity, sap, CWE-918
2020-10-15 | CVE-2020-6365 | Open Redirect vulnerability in SAP NetWeaver Application Server Java | Risk: 5.8
The Start Page of SAP NetWeaver AS Java, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse-tabnabbing URL validation.
Tags: network, sap, CWE-601
2020-10-15 | CVE-2020-6376 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 | Risk: 4.3
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated Right Hemisphere Binary (.rh) file received from untrusted sources, which crashes the application and leaves it temporarily unavailable until the user restarts it; this is caused by improper input validation.
Tags: network, sap, CWE-20