We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
This time we found critical correction advisiories. We count 199 and the highest CVSS score is 10.0.
Severity
SAP© Security advisories 199
System Types
Affected SAP© system types
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/11/24
Description
Missing Authorization check in S/4HANA (Central Finance)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP
Affected system
type
SAP Solution Manager
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26837] Multiple Vulnerabilities in SAP Solution Manager 7.2 (User Experience Monitoring)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace Analysis)
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)
Affected system
type
SAP Disclosure Management
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26828] Formula Injection in SAP Disclosure Management
Affected system
type
HANA Platform
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26834 ] Improper authentication in SAP HANA database
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service)
Affected system
type
BI/BO platform
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/10/27
Description
SQL Injection in SAF-T Portugal
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)
Affected system
type
SAP Data Services
Patchday
2020-11
Released
on
2020/11/10
Description
Multiple Vulnerabilities in SAP Data Services
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/10/27
Description
SQL Injection in SAF-T Portugal
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA
Affected system
type
SAP Commerce Cloud
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/11
Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)
Affected system
type
SAP Commerce Cloud
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud
Affected system
type
SAP ERP Client for E-Bilanz
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6366] Missing XML Validation in SAP NetWeaver (Compare Systems)
Affected system
type
SAP Enterprise Portal...
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6323] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (Fiori Framework Page)
Affected system
type
SAP CRM UI
Patchday
2020-10
Released
on
2020/09/22
Description
Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Missing Authorization check in EHS Task Definition attachments
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6315] Multiple Vulnerabilities in SAP 3D Visual Enterprise Viewer
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6319] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java
Affected system
type
SAP Commerce Cloud
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6363] Insufficient Session Expiration in SAP Commerce Cloud
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Missing Authorization check in Manage Substitutions - Products and Manage Exclusions - Products
Affected system
type
SAP Commerce Cloud
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6272] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6365] Reverse Tabnabbing vulnerability in SAP NetWeaver AS Java Start Page
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/09/09
Description
Cross-Site Scripting (XSS) vulnerability in CRM Interaction Center
Affected system
type
BI/BO platform
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6308] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services)
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Cross-Site Request Forgery (CSRF) in SAP Marketing
Affected system
type
Java
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6367] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Composite Application Framework
Affected system
type
SAP NetWeaver...
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6370] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (DI Design Time Repository)
Affected system
type
Solution Manager
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
Information Disclosure in Supplier Relationship Management
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6368] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation
Affected system
type
SAP Solution Manager...
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6362] Incorrect Authorization in SAP Banking Services
Affected system
type
ABAP
Patchday
2020-10
Released
on
2020/10/13
Description
[CVE-2020-6371] Information disclosure in SAP NetWeaver AS ABAP via the POWL Test Feeder endpoint
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
Java
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6326] Cross-Site Scripting (XSS) vulnerabilities in SAP NetWeaver AS Java
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6311] Improper Authorization Checks in Banking services from SAP Bank Analyzer and SAP S/4HANA Financial Products
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6324] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)
Affected system
type
SAP Commerce Cloud
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6302] Session Fixation in SAP Commerce
Affected system
type
SAP Marketing
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6320] Improper Access Control in SAP Marketing (Mobile Channel Servlet)
Affected system
type
ABAP
Patchday
2020-09
Released
on
2019/03/12
Description
Switchable Authorization checks for RFC BCA_DIM_LOANS_APPLOG_UPDATE in Loans (FI-CAX-FS)
Affected system
type
BI/BO platform
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6325] Multiple Vulnerabilities in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-09
Released
on
2020/08/25
Description
Missing Authorization check in Discrete Industries and Mill Products
Affected system
type
SAP UI5
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6283] Cross-Site Scripting (XSS) vulnerability in SAP Fiori(Launchpad)
Affected system
type
SAP Adaptive Server...
Patchday
2020-09
Released
on
2020/09/08
Description
[CVE-2020-6317] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-09
Released
on
2020/09/08
Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6309] Missing Authentication check in SAP NetWeaver AS JAVA
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6301] Missing Authorization check in SAP ERP (HCM Travel Management)
Affected system
type
SAP Commerce
Patchday
2020-08
Released
on
2020/08/11
Description
Vulnerabilities in open source libraries used in SAP Commerce
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management)
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6273] Missing Authorization check in SAP S/4 HANA (Fiori UI for General Ledger Accounting)
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6293] Unrestricted File Upload in SAP NetWeaver (Knowledge Management)
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
BI Platform stores SAP BW Authentication Password as clear text
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6310] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
Lumira Designer
Patchday
2020-08
Released
on
2020/08/11
Description
Potential information disclosure in Lumira Designer
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
Missing Authorization check in TSW Supply Chain Visualization
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6298] Missing Authorization check in SAP Banking Services (Generic Market Data)
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6300] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Central Management Console)
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
Affected system
type
SAP Adaptive Server...
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6295] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6299] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
SAP Data Hub
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6297] Information Disclosure in SAP Data Intelligence
Affected system
type
Java
Patchday
2020-08
Released
on
2018/06/15
Description
Checking server certificates and host name of managed systems
Affected system
type
SAP GUI / Frontend
Patchday
2020-08
Released
on
2020/08/11
Description
Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/06/23
Description
SESS: Duplicate AU3 entries in the Security Audit Log
Affected system
type
Java
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6285] Information Disclosure in SAP NetWeaver (XMLToolkit for Java)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6280] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/06/09
Description
Switchable authorization checks for RFC in SAP CRM (external billing)
Affected system
type
Java
Exploit available
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)
Affected system
type
BI/BO platform
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6276] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Bipodata)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing Authorization check in Pricat Inbound and Pricat Outbound
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Switchable Authorization checks for RFC in MM-PUR-GF
Affected system
type
SAP Disclosure Management
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6267] Multiple vulnerabilities in SAP Disclosure Management
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing Authorization Check in S4 ACR Brazil Option
Affected system
type
BI/BO platform
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6278] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing Authorization check in Travel Management
Affected system
type
Java
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6282] Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service)
Affected system
type
BI/BO platform
Patchday
2020-07
Released
on
2020/07/14
Description
[CVE-2020-6281] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(BI Launch pad)
Affected system
type
ABAP
Patchday
2020-07
Released
on
2015/08/11
Description
Directory traversal in BC-MID-ICF
Affected system
type
ABAP
Patchday
2020-07
Released
on
2020/07/14
Description
Missing authorization check in Allocation Management
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6270] Missing Authorization check in SAP Netweaver AS ABAP (Banking Services)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6275] Server Side Request Forgery vulnerability in SAP NetWeaver AS ABAP
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6246] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP ( Business Server Pages Test Application SBSPEXT_TABLE)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Switchable Authorization checks for RFC in Environment, Health & Safety
Affected system
type
Adobe LiveCycle Designer
Patchday
2020-06
Released
on
2020/06/09
Description
Multiple vulnerabilities in Adobe LiveCycle Designer 11.0
Affected system
type
SAP Cloud Commerce
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub
Affected system
type
SAP Business One
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6239] Information Disclosure in SAP Business One (Backup Service)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Update 1 to Security Note 2752614 - [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6266] URL redirection in SAP Fiori for SAP S/4HANA
Affected system
type
BI/BO platform
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6269] Information Disclosure in SAP Business Objects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6266] URL redirection in SAP Fiori for SAP S/4HANA
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6260] Incomplete XML Validation in SAP Solution Manager (Trace Analysis)
Affected system
type
SAP Cloud Commerce
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6264] Information Disclosure in SAP Commerce
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6268] Missing authorization check in SAP ERP (Statutory Reporting for Insurance Companies)
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6271] Missing XML Validation in SAP Solution Manager (Problem Context Manager)
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6263] Authentication Bypass in Standalone Clients connecting to SAP NetWeaver AS Java via P4 Protocol
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6253] SQL Injection vulnerability in SAP Adaptive Server Enterprise (Web Services)
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6241] SQL Injection vulnerability in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6252] Information Disclosure in SAP Adaptive Server Enterprise (Cockpit)
Affected system
type
SAP IDM
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6258] Missing Authorization check in SAP Identity Management
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6243] Code Injection in SAP Adaptive Server Enterprise (XP Server on Windows Platform)
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6250] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
ABAP
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6262] Code Injection vulnerability in Service Data Download
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6259] Missing authorization check in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6248] Code injection in SAP Adaptive Server Enterprise (Backup Server)
Affected system
type
SAP Enterprise Threat...
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6254] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection
Affected system
type
ABAP
Patchday
2020-05
Released
on
2020/05/12
Description
This note has been re-released without changes. - Cross-Site Request Forgery (CSRF) vulnerability in SAP Web Dynpro ABAP
Affected system
type
Java
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6224] Information Disclosure in SAP NetWeaver Application Server Java (HTTP Service)
Affected system
type
SAP Solution Manager
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6235] Missing authentication check in SAP Solution Manager (Diagnostics Agent )
Affected system
type
SAP GUI / Frontend
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6228] Missing Integrity Check in SAP BUSINESS CLIENT
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6213]Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP(Business Server Pages Test Application SBSPEXT_PHTMLB)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6212] Missing Authorization Check in SAP ERP & S/4 HANA (Egypt localized Withholding Tax reports)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6229] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)
Affected system
type
SAP Orient DB
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
SAP Commerce Cloud
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6232] Missing Authorization check in SAP Commerce
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/03/12
Description
Switchable Authorization checks in SAP Supplier Relationship Management
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/ Opendocument)
Affected system
type
SAP Commerce Cloud
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6214] Incorrect Authorization in SAP S/4HANA (Financial Products Subledger)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6233] Missing Authorization Check in SAP S/4 HANA (Financial Products Subledger and Banking Services)
Affected system
type
Java
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application)
Affected system
type
SAP Landscape Management
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6236] Privilege Escalation in SAP Landscape Management (SAP Adaptive Extensions)
Affected system
type
SAP Host Agent
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6234] Privilege Escalation in SAP Host Agent
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6217] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server(Services Registry)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6204] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
Directory traversal in SAP Environment Health and Safety
Affected system
type
Java
Exploit available
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)
Affected system
type
SAP Enable Now
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6197] Insufficient session expiration in SAP Enable Now Manager
Affected system
type
BI/BO platform
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6199] Missing Authorization check in SAP ERP and S/4 HANA (MENA Certificate Management)