|
208291
|
10.0 |
CRITICAL
Network
|
sap
|
solution_manager
|
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-26821
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208292
|
7.2 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26820
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208293
|
8.8 |
HIGH
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database …
|
NVD-CWE-noinfo
|
CVE-2020-26819
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208294
|
8.8 |
HIGH
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information th…
|
CWE-862
Missing Authorization
|
CVE-2020-26818
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208295
|
7.8 |
HIGH
Local
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavai…
|
CWE-20
CWE-787
Improper Input Validation
Out-of-bounds Write
|
CVE-2020-26817
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208296
|
4.9 |
MEDIUM
Network
|
sap
|
process_integration_\(pgp_module_-_business-to-business_add_on\)
|
SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these…
|
NVD-CWE-noinfo
|
CVE-2020-26814
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208297
|
5.3 |
MEDIUM
Network
|
sap
|
commerce_cloud_\(accelerator_payment_mock\)
|
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-26811
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208298
|
7.5 |
HIGH
Network
|
sap
|
commerce_cloud_\(accelerator_payment_mock\)
|
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL…
|
NVD-CWE-noinfo
|
CVE-2020-26810
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208299
|
8.6 |
HIGH
Network
|
sap
|
fiori_launchpad_\(news_tile_application\)
|
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to targe…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-26815
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208300
|
5.3 |
MEDIUM
Network
|
sap
|
commerce_cloud
|
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-26809
|
2024-11-21 14:20 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
