
CVE-2020-6263
https://notcve.org/view.php?id=CVE-2020-6263
10 Jun 2020 — Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. • https://launchpad.support.sap.com/#/notes/2878568 • CWE-306: Missing Authentication for Critical Function

CVE-2020-6225
https://notcve.org/view.php?id=CVE-2020-6225
14 Apr 2020 — SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. • https://launchpad.support.sap.com/#/notes/2896682 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-6224
https://notcve.org/view.php?id=CVE-2020-6224
14 Apr 2020 — SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access sensitive user data such as passwords in trace files, when the user logs in and sends a request with login credentials, leading to Information Disclosure. • https://launchpad.support.sap.com/#/notes/2826528 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2020-6205
https://notcve.org/view.php?id=CVE-2020-6205
10 Mar 2020 — SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54, does not sufficiently encode user-controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. • https://launchpad.support.sap.com/#/notes/2884910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-6203
https://notcve.org/view.php?id=CVE-2020-6203
10 Mar 2020 — SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. • https://launchpad.support.sap.com/#/notes/2806198 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-6202
https://notcve.org/view.php?id=CVE-2020-6202
10 Mar 2020 — SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. • https://launchpad.support.sap.com/#/notes/2847787 • CWE-20: Improper Input Validation

CVE-2020-6185
https://notcve.org/view.php?id=CVE-2020-6185
12 Feb 2020 — Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) allows an authenticated attacker to store a malicious payload, which results in a Stored Cross Site Scripting vulnerability. • https://launchpad.support.sap.com/#/notes/2880869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
12 Feb 2020 — Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754) allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. • https://launchpad.support.sap.com/#/notes/2880744

CVE-2020-6184
https://notcve.org/view.php?id=CVE-2020-6184
12 Feb 2020 — Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. • https://launchpad.support.sap.com/#/notes/2863397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-6190
https://notcve.org/view.php?id=CVE-2020-6190
12 Feb 2020 — Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system, like hostname, server node and installation path, that could be misused by an attacker, leading to Information Disclosure. • https://launchpad.support.sap.com/#/notes/2838835 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor