|
209651
|
9.1 |
CRITICAL
Network
|
sap
|
bw/4hana business_warehouse
|
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges t…
|
CWE-78
OS Command
|
CVE-2020-26838
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209652
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754, does not sufficiently encode URL which allows an attacker to input malicious JavaScript in the URL which could be executed in the bro…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26835
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209653
|
5.4 |
MEDIUM
Network
|
sap
|
hana_database
|
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token…
|
CWE-287
Improper Authentication
|
CVE-2020-26834
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209654
|
9.6 |
CRITICAL
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation. An att…
|
NVD-CWE-Other
|
CVE-2020-26831
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209655
|
6.4 |
MEDIUM
Network
|
sap
|
disclosure_management
|
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26828
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209656
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26826
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209657
|
7.6 |
HIGH
Network
|
sap
|
s/4_hana netweaver_application_server_abap
|
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), version…
|
CWE-862
Missing Authorization
|
CVE-2020-26832
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209658
|
8.1 |
HIGH
Network
|
sap
|
solution_manager
|
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker a…
|
CWE-862
Missing Authorization
|
CVE-2020-26830
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209659
|
10.0 |
CRITICAL
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-26829
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|
|
209660
|
4.5 |
MEDIUM
Adjacent
|
sap
|
netweaver_application_server_java
|
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-26816
|
2024-11-21 14:20 |
2020-12-10 |
|
|
|