|
196371
|
8.2 |
HIGH
Network
|
sap
|
solution_manager
|
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and re…
|
CWE-91
Blind XPath Injection
|
CVE-2020-6271
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196372
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Au…
|
CWE-862
Missing Authorization
|
CVE-2020-6270
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196373
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclos…
|
NVD-CWE-noinfo
|
CVE-2020-6269
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196374
|
8.1 |
HIGH
Network
|
sap
|
erp_\(s4core\)
erp_\(ea-finserv\)
|
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authori…
|
CWE-862
Missing Authorization
|
CVE-2020-6268
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196375
|
5.4 |
MEDIUM
Network
|
sap
|
fiori
|
SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.
|
CWE-601
Open Redirect
|
CVE-2020-6266
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196376
|
7.5 |
HIGH
Network
|
sap
|
commerce
|
SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.
|
NVD-CWE-noinfo
|
CVE-2020-6264
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196377
|
9.8 |
CRITICAL
Network
|
sap
|
netweaver_application_server_java
|
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-6263
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196378
|
5.3 |
MEDIUM
Network
|
sap
|
solution_manager
|
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows add…
|
CWE-91
Blind XPath Injection
|
CVE-2020-6260
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196379
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver_as_abap_business_server_pages
|
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, result…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6246
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196380
|
4.4 |
MEDIUM
Local
|
sap
|
business_one
|
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-6239
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
