Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1485 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6369 1 Sap 2 Focused Run, Solution Manager 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.
CVE-2020-6368 1 Sap 1 Business Planning And Consolidation 2024-11-21 3.5 LOW 5.4 MEDIUM
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
CVE-2020-6367 1 Sap 1 Netweaver Composite Application Framework 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
CVE-2020-6366 1 Sap 1 Netweaver Compare Systems 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.
CVE-2020-6365 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.
CVE-2020-6364 1 Sap 1 Introscope Enterprise Manager 2024-11-21 10.0 HIGH 10.0 CRITICAL
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
CVE-2020-6363 1 Sap 1 Commerce Cloud 2024-11-21 4.9 MEDIUM 4.6 MEDIUM
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration.
CVE-2020-6362 1 Sap 1 Banking Services 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component.
CVE-2020-6361 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6360 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6359 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6358 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6357 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6356 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6355 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6354 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6353 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6352 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6351 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6350 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.