|
201311
|
8.8 |
HIGH
Network
|
sap
|
disclosure_management
|
SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.
|
CWE-352
Origin Validation Error
|
CVE-2020-6289
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201312
|
10.0 |
CRITICAL
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configura…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-6287
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201313
|
5.3 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacke…
|
CWE-22
Path Traversal
|
CVE-2020-6286
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201314
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver
|
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restr…
|
NVD-CWE-noinfo
|
CVE-2020-6285
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201315
|
5.8 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.4…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-6282
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201316
|
6.1 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6281
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201317
|
2.7 |
LOW
Network
|
sap
|
abap_platform
netweaver_application_server_abap
|
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Di…
|
NVD-CWE-noinfo
|
CVE-2020-6280
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201318
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets e…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6278
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201319
|
6.1 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6276
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201320
|
5.4 |
MEDIUM
Network
|
sap
|
disclosure_management
|
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-6267
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
