|
199491
|
4.3 |
MEDIUM
Network
|
sap
|
treasury_and_risk_management_\(ea-finserv\)
treasury_and_risk_management_\(s4core\)
|
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more …
|
CWE-862
Missing Authorization
|
CVE-2020-6204
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199492
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver_as_abap_business_server_pages
|
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controll…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6205
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199493
|
9.1 |
CRITICAL
Network
|
sap
|
netweaver
|
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus ch…
|
CWE-22
Path Traversal
|
CVE-2020-6203
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199494
|
7.2 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document acce…
|
CWE-20
Improper Input Validation
|
CVE-2020-6202
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199495
|
6.1 |
MEDIUM
Network
|
sap
|
commerce_cloud
|
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP resp…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6201
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199496
|
5.4 |
MEDIUM
Network
|
sap
|
commerce_cloud
|
The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6200
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199497
|
5.4 |
MEDIUM
Network
|
sap
|
erp
|
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103,…
|
CWE-862
Missing Authorization
|
CVE-2020-6199
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199498
|
9.8 |
CRITICAL
Network
|
sap
|
solution_manager
|
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing…
|
CWE-306
CWE-319
Missing Authentication for Critical Function
Cleartext Transmission of Sensitive Information
|
CVE-2020-6198
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199499
|
3.3 |
LOW
Local
|
sap
|
enable_now
|
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download …
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-6197
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199500
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_mobile
|
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service.
|
NVD-CWE-noinfo
|
CVE-2020-6196
|
2024-11-21 14:35 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
