Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6224 | 1 Sap | 1 Netweaver Application Server Java | 2021-07-21 | 3.5 LOW | 6.2 MEDIUM |
| SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | |||||
| CVE-2020-26822 | 1 Sap | 1 Solution Manager | 2021-07-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. | |||||
| CVE-2020-6317 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 2.7 LOW | 3.5 LOW |
| In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. | |||||
| CVE-2020-6208 | 1 Sap | 1 Crystal Reports | 2021-07-21 | 4.4 MEDIUM | 8.2 HIGH |
| SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. | |||||
| CVE-2020-6307 | 1 Sap | 1 Basis | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | |||||
| CVE-2021-33689 | 1 Sap | 1 Netweaver Application Server Java | 2021-07-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted. | |||||
| CVE-2021-33667 | 1 Sap | 1 Businessobjects Web Intelligence | 2021-07-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. | |||||
| CVE-2021-33681 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-07-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application. | |||||
| CVE-2021-33671 | 1 Sap | 1 Netweaver Guided Procedures | 2021-07-16 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data. | |||||
| CVE-2021-33676 | 1 Sap | 1 Customer Relationship Management | 2021-07-16 | 6.5 MEDIUM | 7.2 HIGH |
| A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | |||||
| CVE-2021-33682 | 1 Sap | 1 Lumira Server | 2021-07-16 | 3.5 LOW | 5.4 MEDIUM |
| SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim registered on SAP Lumira Server, could compromise the confidentiality and integrity of SAP Lumira content. | |||||
| CVE-2021-33680 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-07-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application. | |||||
| CVE-2021-27612 | 1 Sap | 1 Gui For Windows | 2021-06-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. | |||||
| CVE-2021-33666 | 1 Sap | 1 Commerce Cloud | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. | |||||
| CVE-2020-6364 | 1 Sap | 1 Introscope Enterprise Manager | 2021-06-17 | 10.0 HIGH | 10.0 CRITICAL |
| SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. | |||||
| CVE-2020-6369 | 1 Sap | 2 Focused Run, Solution Manager | 2021-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service. | |||||
| CVE-2020-26809 | 1 Sap | 1 Commerce Cloud | 2021-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. | |||||
| CVE-2020-26811 | 1 Sap | 1 Commerce Cloud \(accelerator Payment Mock\) | 2021-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. | |||||
| CVE-2020-26830 | 1 Sap | 1 Solution Manager | 2021-06-17 | 5.5 MEDIUM | 8.1 HIGH |
| SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script. | |||||
| CVE-2020-26836 | 1 Sap | 1 Solution Manager | 2021-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack. | |||||