Vulnerabilities (CVE)

Filtered by CWE-20
Total 9858 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6374 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.8 MEDIUM 7.8 HIGH
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessellation (.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6373 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.8 MEDIUM 7.8 HIGH
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6372 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.8 MEDIUM 7.8 HIGH
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6366 1 Sap 1 Netweaver Compare Systems 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.
CVE-2020-6348 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6344 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6338 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6334 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6333 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6332 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6314 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6304 1 Sap 5 Netweaver Internet Communication Manager (kernel), Netweaver Internet Communication Manager (krnl32nuc), Netweaver Internet Communication Manager (krnl32uc) and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.
CVE-2020-6261 1 Sap 1 Solution Manager 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-6248 1 Sap 1 Adaptive Server Enterprise Backup Server 2024-11-21 6.5 MEDIUM 7.2 HIGH
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.
CVE-2020-6227 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 5.0 MEDIUM 7.5 HIGH
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing the attacker to forge additional entries in GLF log files.
CVE-2020-6202 1 Sap 1 Netweaver Application Server Java 2024-11-21 6.5 MEDIUM 7.2 HIGH
SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.
CVE-2020-6192 1 Sap 1 Landscape Management 2024-11-21 9.0 HIGH 7.2 HIGH
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
CVE-2020-6191 1 Sap 1 Landscape Management 2024-11-21 9.0 HIGH 7.2 HIGH
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
CVE-2020-6177 1 Sap 1 Mobile Platform 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.
CVE-2020-6020 1 Checkpoint 1 Ica Management Portal 2024-11-21 7.4 HIGH 6.4 MEDIUM
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.