|
200061
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6257
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200062
|
4.3 |
MEDIUM
Network
|
sap
|
master_data_governance
|
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authoriz…
|
CWE-862
Missing Authorization
|
CVE-2020-6256
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200063
|
6.1 |
MEDIUM
Network
|
sap
|
enterprise_threat_detection
|
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Si…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6254
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200064
|
7.2 |
HIGH
Network
|
sap
|
adaptive_server_enterprise
|
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify data…
|
CWE-89
SQL Injection
|
CVE-2020-6253
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200065
|
8.0 |
HIGH
Adjacent
|
sap
|
adaptive_server_enterprise_cockpit
|
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information…
|
NVD-CWE-noinfo
|
CVE-2020-6252
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200066
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
|
NVD-CWE-noinfo
|
CVE-2020-6251
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200067
|
6.8 |
MEDIUM
Adjacent
|
sap
|
adaptive_server_enterprise
|
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password lead…
|
NVD-CWE-noinfo
|
CVE-2020-6250
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200068
|
8.8 |
HIGH
Network
|
sap
|
master_data_governance_\(s4fnd\)
master_data_governance_\(sap_bs_fnd\)
master_data_governance_\(s4core\)
|
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the …
|
CWE-89
SQL Injection
|
CVE-2020-6249
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200069
|
7.2 |
HIGH
Network
|
sap
|
adaptive_server_enterprise_backup_server
|
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code e…
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2020-6248
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200070
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attac…
|
NVD-CWE-noinfo
|
CVE-2020-6247
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
