CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-26835
https://notcve.org/view.php?id=CVE-2020-26835
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP, versiones - 740, 750, 751, 752, 753, 754, no codifica suficientemente la URL, lo que permite a un atacante ingresar un script java malicioso en la URL que podría ser ejecutado en el navegador, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://launchpad.support.sap.com/#/notes/2996479 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26818
https://notcve.org/view.php?id=CVE-2020-26818
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP (Web Dynpro), versiones: 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que revela información confidencial del sistema que podría de otro modo estar restringido a usuarios altamente privilegiados debido a una falta de autorización, resultando en una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2971954 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26819
https://notcve.org/view.php?id=CVE-2020-26819
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro), versiones - 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que luego permite leer y eliminar archivos de registro de la base de datos debido a un Control de Acceso Inapropiado • https://launchpad.support.sap.com/#/notes/2971954 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6371
https://notcve.org/view.php?id=CVE-2020-6371
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. Una vulnerabilidad de enumeración de usuarios puede ser explotada para obtener una lista de cuentas de usuario y la información personal del usuario puede ser expuesta en SAP NetWeaver Application Server ABAP (aplicación de prueba POWL): versiones 710, 711, 730, 731, 740, 750, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2963137 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6324
https://notcve.org/view.php?id=CVE-2020-6324
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una URL contaminada a la víctima, cuando la víctima hace clic en esta URL, el atacante puede leer, modificar la información disponible en el navegador de la víctima llevando a Reflected Cross Site Scripting • https://launchpad.support.sap.com/#/notes/2948239 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •