Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-6245 Injection vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
local
low complexity
sap CWE-74
6.7
2020-04-24 CVE-2020-6213 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.
network
low complexity
sap CWE-79
6.1
2020-04-24 CVE-2020-6212 Missing Authorization vulnerability in SAP ERP and S/4Hana
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.4
2020-04-14 CVE-2020-6217 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-04-14 CVE-2020-6215 Open Redirect vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
network
low complexity
sap CWE-601
6.1
2020-04-14 CVE-2020-6211 Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
network
low complexity
sap CWE-601
6.1
2020-04-14 CVE-2020-6233 Missing Authorization vulnerability in SAP products
SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.
network
low complexity
sap CWE-862
4.3
2020-04-14 CVE-2020-6232 Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905
SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.3
2020-04-14 CVE-2020-6231 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2020-04-14 CVE-2020-6229 Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1