Total
82278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6249 | 1 Sap | 3 Master Data Governance \(s4core\), Master Data Governance \(s4fnd\), Master Data Governance \(sap Bs Fnd\) | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. | |||||
| CVE-2020-6248 | 1 Sap | 1 Adaptive Server Enterprise Backup Server | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. | |||||
| CVE-2020-6247 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability. | |||||
| CVE-2020-6243 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. | |||||
| CVE-2020-6241 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | |||||
| CVE-2020-6240 | 1 Sap | 1 Netweaver As Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service | |||||
| CVE-2020-6237 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-6236 | 1 Sap | 2 Adaptive Extensions, Landscape Management | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation. | |||||
| CVE-2020-6235 | 1 Sap | 1 Solution Manager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | |||||
| CVE-2020-6234 | 1 Sap | 1 Host Agent | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. | |||||
| CVE-2020-6230 | 1 Sap | 1 Orientdb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-6227 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | |||||
| CVE-2020-6225 | 1 Sap | 2 Netweaver Knowledge Management And Collaboration \(kmc-cm\), Netweaver Knowledge Management And Collaboration \(kmc-wpc\) | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. | |||||
| CVE-2020-6219 | 1 Sap | 2 Businessobjects Business Intelligence Platform, Crystal Reports For Visual Studio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. | |||||
| CVE-2020-6209 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | |||||
| CVE-2020-6208 | 1 Sap | 1 Crystal Reports | 2024-11-21 | 4.4 MEDIUM | 8.2 HIGH |
| SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. | |||||
| CVE-2020-6202 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | |||||
| CVE-2020-6196 | 1 Sap | 1 Businessobjects Mobile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. | |||||
| CVE-2020-6192 | 1 Sap | 1 Landscape Management | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | |||||
| CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | |||||