|
196441
|
4.3 |
MEDIUM
Network
|
sap
|
master_data_governance
|
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authoriz…
|
CWE-862
Missing Authorization
|
CVE-2020-6256
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196442
|
6.1 |
MEDIUM
Network
|
sap
|
enterprise_threat_detection
|
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Si…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6254
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196443
|
7.2 |
HIGH
Network
|
sap
|
adaptive_server_enterprise
|
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify data…
|
CWE-89
SQL Injection
|
CVE-2020-6253
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196444
|
8.0 |
HIGH
Adjacent
|
sap
|
adaptive_server_enterprise_cockpit
|
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information…
|
NVD-CWE-noinfo
|
CVE-2020-6252
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196445
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
|
NVD-CWE-noinfo
|
CVE-2020-6251
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196446
|
6.8 |
MEDIUM
Adjacent
|
sap
|
adaptive_server_enterprise
|
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password lead…
|
NVD-CWE-noinfo
|
CVE-2020-6250
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196447
|
8.8 |
HIGH
Network
|
sap
|
master_data_governance_\(s4fnd\)
master_data_governance_\(sap_bs_fnd\)
master_data_governance_\(s4core\)
|
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the …
|
CWE-89
SQL Injection
|
CVE-2020-6249
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196448
|
7.2 |
HIGH
Network
|
sap
|
adaptive_server_enterprise_backup_server
|
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code e…
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2020-6248
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196449
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attac…
|
NVD-CWE-noinfo
|
CVE-2020-6247
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196450
|
6.7 |
MEDIUM
Local
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Cont…
|
CWE-74
Injection
|
CVE-2020-6245
|
2024-11-21 14:35 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
