|
202221
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver
|
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restr…
|
NVD-CWE-noinfo
|
CVE-2020-6285
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202222
|
5.8 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.4…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-6282
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202223
|
6.1 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6281
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202224
|
2.7 |
LOW
Network
|
sap
|
abap_platform
netweaver_application_server_abap
|
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Di…
|
NVD-CWE-noinfo
|
CVE-2020-6280
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202225
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets e…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6278
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202226
|
6.1 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6276
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202227
|
5.4 |
MEDIUM
Network
|
sap
|
disclosure_management
|
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-6267
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202228
|
7.2 |
HIGH
Network
|
icehrm
|
icehrm
|
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request …
|
CWE-89
SQL Injection
|
CVE-2020-6114
|
2024-11-21 14:35 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202229
|
7.8 |
HIGH
Local
|
leadtools
|
leadtools
|
An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attac…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6089
|
2024-11-21 14:35 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202230
|
5.3 |
MEDIUM
Network
|
sap
|
solution_manager
|
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
|
CWE-20
CWE-116
Improper Input Validation
Improper Encoding or Escaping of Output
|
CVE-2020-6261
|
2024-11-21 14:35 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
