|
197511
|
8.2 |
HIGH
Local
|
sap
|
crystal_reports
|
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus …
|
CWE-416
Use After Free
|
CVE-2020-6208
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197512
|
9.8 |
CRITICAL
Network
|
sap
|
solution_manager
|
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgent…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-6207
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197513
|
4.3 |
MEDIUM
Network
|
sap
|
cloud_platform_integration
|
SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted…
|
CWE-352
Origin Validation Error
|
CVE-2020-6206
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197514
|
4.3 |
MEDIUM
Network
|
sap
|
treasury_and_risk_management_\(ea-finserv\)
treasury_and_risk_management_\(s4core\)
|
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more …
|
CWE-862
Missing Authorization
|
CVE-2020-6204
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197515
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver_as_abap_business_server_pages
|
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controll…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6205
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197516
|
9.1 |
CRITICAL
Network
|
sap
|
netweaver
|
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus ch…
|
CWE-22
Path Traversal
|
CVE-2020-6203
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197517
|
7.2 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document acce…
|
CWE-20
Improper Input Validation
|
CVE-2020-6202
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197518
|
6.1 |
MEDIUM
Network
|
sap
|
commerce_cloud
|
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP resp…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6201
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197519
|
5.4 |
MEDIUM
Network
|
sap
|
commerce_cloud
|
The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6200
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197520
|
5.4 |
MEDIUM
Network
|
sap
|
erp
|
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103,…
|
CWE-862
Missing Authorization
|
CVE-2020-6199
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
