CVE-2020-6185
https://notcve.org/view.php?id=CVE-2020-6185
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. Bajo determinadas condiciones, ABAP Online Community en SAP NetWeaver (SAP_BASIS versión 7.40) y SAP S/4HANA (SAP_BASIS versiones 7.50, 7.51, 7.52, 7.53, 7.54), permite a un atacante autenticado almacenar una carga útil maliciosa que resulta en una vulnerabilidad de tipo Cross Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2880869 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. En algunas circunstancias, la implementación de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permite a un atacante incluir datos invalidados en encabezado de respuesta HTTP enviado a un usuario Web, conllevando a una vulnerabilidad de División de Respuesta HTTP. • https://launchpad.support.sap.com/#/notes/2880744 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 •
CVE-2020-6184
https://notcve.org/view.php?id=CVE-2020-6184
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Bajo determinadas condiciones, ABAP Online Community en SAP NetWeaver (SAP_BASIS versión 7.40) y SAP S/4HANA (SAP_BASIS versiones 7.50, 7.51, 7.52, 7.53, 7.54), no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado. • https://launchpad.support.sap.com/#/notes/2863397 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6190
https://notcve.org/view.php?id=CVE-2020-6190
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. Determinados endpoints vulnerables en SAP NetWeaver AS Java (Heap Dump Application), versiones 7.30, 7.31, 7.40, 7.50, proporcionan información valiosa sobre el sistema tal y como el nombre de host, el nodo del servidor y la ruta de instalación que podría ser usada inapropiadamente por parte de un atacante, conllevando a una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2838835 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-6187
https://notcve.org/view.php?id=CVE-2020-6187
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. SAP NetWeaver (Guided Procedures), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente la entrada de un documento XML de un administrador comprometido, conllevando a una Denegación de Servicio. • https://launchpad.support.sap.com/#/notes/2864415 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-611: Improper Restriction of XML External Entity Reference •