|
202361
|
5.4 |
MEDIUM
Network
|
sap
|
netweaver_knowledge_management
|
SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6326
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202362
|
4.3 |
MEDIUM
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-6322
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202363
|
6.5 |
MEDIUM
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-6321
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202364
|
8.1 |
HIGH
Network
|
sap
|
marketing
|
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the…
|
NVD-CWE-noinfo
|
CVE-2020-6320
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202365
|
4.3 |
MEDIUM
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavail…
|
CWE-20
Improper Input Validation
|
CVE-2020-6314
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202366
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store ma…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2020-6313
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202367
|
8.1 |
HIGH
Network
|
sap
|
commerce
|
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or …
|
NVD-CWE-noinfo
|
CVE-2020-6302
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202368
|
7.2 |
HIGH
Network
|
sap
|
abap_platform
|
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code…
|
CWE-94
Code Injection
|
CVE-2020-6318
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202369
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page pro…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6312
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202370
|
5.3 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file form…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-6288
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
