Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-6258 | Missing Authorization vulnerability in SAP Identity Management 8.0 SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | 4.0 |
| 2020-05-12 | CVE-2020-6256 | Missing Authorization vulnerability in SAP Master Data Governance SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | 4.0 |
| 2020-05-12 | CVE-2020-6254 | Cross-site Scripting vulnerability in SAP Enterprise Threat Detection 1.0/2.0 SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. | 4.3 |
| 2020-05-12 | CVE-2020-6253 | SQL Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | 6.5 |
| 2020-05-12 | CVE-2020-6252 | Information Exposure vulnerability in SAP Adaptive Server Enterprise Cockpit 16.0 Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. | 5.2 |
| 2020-05-12 | CVE-2020-6251 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. | 5.0 |
| 2020-05-12 | CVE-2020-6250 | Information Exposure vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. | 6.7 |
| 2020-05-12 | CVE-2020-6249 | SQL Injection vulnerability in SAP products The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | 6.5 |
| 2020-05-12 | CVE-2020-6248 | Improper Input Validation vulnerability in SAP Adaptive Server Enterprise Backup Server 16.0 SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. | 6.5 |
| 2020-05-12 | CVE-2020-6247 | Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. | 5.0 |