|
199971
|
6.8 |
MEDIUM
Adjacent
|
sap
|
adaptive_server_enterprise
|
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password lead…
|
NVD-CWE-noinfo
|
CVE-2020-6250
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199972
|
8.8 |
HIGH
Network
|
sap
|
master_data_governance_\(s4fnd\)
master_data_governance_\(sap_bs_fnd\)
master_data_governance_\(s4core\)
|
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the …
|
CWE-89
SQL Injection
|
CVE-2020-6249
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199973
|
7.2 |
HIGH
Network
|
sap
|
adaptive_server_enterprise_backup_server
|
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code e…
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2020-6248
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199974
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attac…
|
NVD-CWE-noinfo
|
CVE-2020-6247
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199975
|
6.7 |
MEDIUM
Local
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Cont…
|
CWE-74
Injection
|
CVE-2020-6245
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199976
|
7.8 |
HIGH
Local
|
sap
|
business_client
|
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the applicati…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-6244
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199977
|
8.8 |
HIGH
Network
|
sap
|
adaptive_server_enterprise
|
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the exte…
|
CWE-94
Code Injection
|
CVE-2020-6243
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199978
|
9.8 |
CRITICAL
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of th…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-6242
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199979
|
8.8 |
HIGH
Network
|
sap
|
adaptive_server_enterprise
|
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-6241
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199980
|
7.5 |
HIGH
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a ser…
|
NVD-CWE-noinfo
|
CVE-2020-6240
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
