Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-6267 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Disclosure Management 10.1 Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | 5.4 |
| 2020-07-01 | CVE-2020-6261 | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. | 5.3 |
| 2020-06-10 | CVE-2020-6270 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | 6.5 |
| 2020-06-10 | CVE-2020-6269 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 6.5 |
| 2020-06-10 | CVE-2020-6266 | Open Redirect vulnerability in SAP Fiori SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | 5.4 |
| 2020-06-10 | CVE-2020-6260 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. | 5.3 |
| 2020-06-10 | CVE-2020-6246 | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-06-10 | CVE-2020-6239 | Insufficiently Protected Credentials vulnerability in SAP Business ONE 10.0/9.3 Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | 4.4 |
| 2020-05-12 | CVE-2020-6259 | Missing Authorization vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | 6.5 |
| 2020-05-12 | CVE-2020-6258 | Missing Authorization vulnerability in SAP Identity Management 8.0 SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | 6.5 |