Vendor CVEs
SAP
All CVEs
1,818 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6357 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6353 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6356 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6354 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6352 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6351 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6349 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6347 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6350 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6346 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6348 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6288 | 0.00 | — | 0.01 | Sep 9, 2020 | SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type… | |||
| CVE-2020-6345 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6344 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6329 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6283 | 0.00 | — | 0.01 | Sep 9, 2020 | SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the… | |||
| CVE-2020-6330 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6327 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6331 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6328 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6326 | 0.00 | — | 0.01 | Sep 9, 2020 | SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored… | |||
| CVE-2020-6321 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6322 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6318 | 0.00 | — | 0.06 | Sep 9, 2020 | A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products,… | |||
| CVE-2020-6340 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6320 | 0.00 | — | 0.01 | Sep 9, 2020 | SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which… | |||
| CVE-2020-6343 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6342 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6339 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6337 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6338 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input… | |||
| CVE-2020-6313 | 0.00 | — | 0.01 | Sep 9, 2020 | SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions… | |||
| CVE-2020-6332 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6314 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6333 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6336 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6312 | 0.00 | — | 0.01 | Sep 9, 2020 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to… | |||
| CVE-2020-6341 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6334 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6335 | 0.00 | — | 0.02 | Sep 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | |||
| CVE-2020-6310 | 0.00 | — | 0.01 | Aug 12, 2020 | Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | |||
| CVE-2020-6309 | 0.00 | — | 0.02 | Aug 12, 2020 | SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. | |||
| CVE-2020-6301 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. | |||
| CVE-2020-6300 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode… | |||
| CVE-2020-6299 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | |||
| CVE-2020-6298 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | |||
| CVE-2020-6297 | 0.00 | — | 0.00 | Aug 12, 2020 | Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure. | |||
| CVE-2020-6296 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the… | |||
| CVE-2020-6294 | 0.00 | — | 0.02 | Aug 12, 2020 | Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | |||
| CVE-2020-6293 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other… |