Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-6187 XXE vulnerability in SAP NetWeaver Guided Procedures
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.
network
low complexity
sap CWE-611
4.9
2020-02-12 CVE-2020-6185 Cross-site Scripting vulnerability in SAP NetWeaver and S/4HANA
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) allows an authenticated attacker to store a malicious payload, resulting in a Stored Cross-Site Scripting vulnerability.
network
low complexity
sap CWE-79
5.4
2020-02-12 CVE-2020-6184 Cross-site Scripting vulnerability in SAP NetWeaver and S/4HANA
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-02-12 CVE-2020-6183 Missing Authorization vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an unprivileged user to read from or write to the shared memory by sending a request to the main SAPOSCOL process and receiving responses that may contain data read with user root privileges e.g.
network
low complexity
sap CWE-862
6.5
2020-02-12 CVE-2020-6181 Unspecified vulnerability in SAP ABAP Platform and NetWeaver
Under some circumstances, the SAML SSO implementation in SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754) allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to an HTTP Response Splitting vulnerability.
network
low complexity
sap
5.8
2020-02-12 CVE-2020-6177 Improper Input Validation vulnerability in SAP Mobile Platform 3.0
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service.
network
low complexity
sap CWE-20
4.3
2020-01-14 CVE-2020-6307 Incorrect Authorization vulnerability in SAP Basis
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.
network
low complexity
sap CWE-863
4.3
2020-01-14 CVE-2020-6305 Cross-site Scripting vulnerability in SAP Process Integration 7.31/7.40/7.50
PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-01-14 CVE-2020-6303 Cross-site Scripting vulnerability in SAP Disclosure Management
SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4
2019-12-11 CVE-2019-0402 Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.
local
low complexity
sap
4.4