Vulnerabilities (CVE)

Total 82119 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6241 1 Sap 1 Adaptive Server Enterprise 2024-11-21 6.5 MEDIUM 8.8 HIGH
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
CVE-2020-6240 1 Sap 1 Netweaver As Abap 2024-11-21 5.0 MEDIUM 7.5 HIGH
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service
CVE-2020-6237 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 5.0 MEDIUM 7.5 HIGH
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
CVE-2020-6236 1 Sap 2 Adaptive Extensions, Landscape Management 2024-11-21 6.5 MEDIUM 7.2 HIGH
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
CVE-2020-6235 1 Sap 1 Solution Manager 2024-11-21 5.0 MEDIUM 8.6 HIGH
SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.
CVE-2020-6234 1 Sap 1 Host Agent 2024-11-21 6.5 MEDIUM 7.2 HIGH
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
CVE-2020-6230 1 Sap 1 Orientdb 2024-11-21 6.5 MEDIUM 7.2 HIGH
SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application.
CVE-2020-6227 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 5.0 MEDIUM 7.5 HIGH
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.
CVE-2020-6225 1 Sap 2 Netweaver Knowledge Management And Collaboration \(kmc-cm\), Netweaver Knowledge Management And Collaboration \(kmc-wpc\) 2024-11-21 6.5 MEDIUM 8.8 HIGH
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
CVE-2020-6219 1 Sap 2 Businessobjects Business Intelligence Platform, Crystal Reports For Visual Studio 2024-11-21 6.5 MEDIUM 8.8 HIGH
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.
CVE-2020-6209 1 Sap 1 Disclosure Management 2024-11-21 6.0 MEDIUM 7.5 HIGH
SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check.
CVE-2020-6208 1 Sap 1 Crystal Reports 2024-11-21 4.4 MEDIUM 8.2 HIGH
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
CVE-2020-6202 1 Sap 1 Netweaver Application Server Java 2024-11-21 6.5 MEDIUM 7.2 HIGH
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
CVE-2020-6196 1 Sap 1 Businessobjects Mobile 2024-11-21 5.0 MEDIUM 7.5 HIGH
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service.
CVE-2020-6192 1 Sap 1 Landscape Management 2024-11-21 9.0 HIGH 7.2 HIGH
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
CVE-2020-6191 1 Sap 1 Landscape Management 2024-11-21 9.0 HIGH 7.2 HIGH
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
CVE-2020-6188 1 Sap 2 Erp, S\/4 Hana 2024-11-21 6.5 MEDIUM 8.8 HIGH
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
CVE-2020-6186 1 Sap 1 Host Agent 2024-11-21 5.0 MEDIUM 7.5 HIGH
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.
CVE-2020-6168 1 Webfactoryltd 1 Minimal Coming Soon \& Maintenance Mode 2024-11-21 6.5 MEDIUM 7.6 HIGH
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting).
CVE-2020-6167 1 Webfactoryltd 1 Minimal Coming Soon \& Maintenance Mode 2024-11-21 6.8 MEDIUM 8.8 HIGH
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.