CVE-2020-6264
SAP Commerce, versions – 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.
Source: CVE-2020-6264
[월:] 2020년 06월
CVE-2020-6268
CVE-2020-6268
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions – 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
Source: CVE-2020-6268
CVE-2020-6270
CVE-2020-6270
SAP NetWeaver AS ABAP (Banking Services), versions – 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.
Source: CVE-2020-6270
CVE-2020-6269
CVE-2020-6269
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
Source: CVE-2020-6269
CVE-2020-6279
CVE-2020-6279
OData APIs and JobApplicationInterview and JobApplication export permissions in SAP SuccessFactors Recruiting, version 2005, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Source: CVE-2020-6279
CVE-2020-6263
CVE-2020-6263
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
Source: CVE-2020-6263
CVE-2020-6271
CVE-2020-6271
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent).
Source: CVE-2020-6271
CVE-2020-6266
CVE-2020-6266
SAP Fiori for SAP S/4HANA, versions – 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.
Source: CVE-2020-6266
CVE-2020-6246
CVE-2020-6246
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
Source: CVE-2020-6246
CVE-2020-6260
CVE-2020-6260
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.
Source: CVE-2020-6260