|
202421
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver_knowledge_management
|
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6193
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202422
|
7.2 |
HIGH
Network
|
sap
|
landscape_management
|
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
|
CWE-20
Improper Input Validation
|
CVE-2020-6192
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202423
|
7.2 |
HIGH
Network
|
sap
|
landscape_management
|
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Inp…
|
CWE-20
Improper Input Validation
|
CVE-2020-6191
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202424
|
5.8 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installati…
|
CWE-200
Information Exposure
|
CVE-2020-6190
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202425
|
5.3 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would o…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-6189
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202426
|
8.8 |
HIGH
Network
|
sap
|
erp
s\/4_hana
|
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform n…
|
CWE-862
Missing Authorization
|
CVE-2020-6188
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202427
|
4.9 |
MEDIUM
Network
|
sap
|
netweaver_guided_procedures
|
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.
|
CWE-611
XXE
|
CVE-2020-6187
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202428
|
7.5 |
HIGH
Network
|
sap
|
host_agent
|
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-6186
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202429
|
5.4 |
MEDIUM
Network
|
sap
|
netweaver
s\/4hana
|
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6185
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202430
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver
s\/4hana
|
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controll…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6184
|
2024-11-21 14:35 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
