
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2020 — SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation. • https://launchpad.support.sap.com/#/notes/2973497 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2020 — SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated PDF file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation. • https://launchpad.support.sap.com/#/notes/2973497 • CWE-20: Improper Input Validation • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2020 — SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated PDF file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation. • https://launchpad.support.sap.com/#/notes/2973497 • CWE-20: Improper Input Validation • CWE-787: Out-of-bounds Write

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

15 Oct 2020 — A user enumeration vulnerability in SAP NetWeaver Application Server ABAP (POWL test application), versions 710, 711, 730, 731, 740, 750, can be exploited to get a list of user accounts, and personal user information can be exposed, leading to Information Disclosure. • https://launchpad.support.sap.com/#/notes/2963137

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

15 Oct 2020 — SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an attacker to modify a cookie in a way that OS commands can be executed, and to potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. • https://github.com/gquere/CVE-2020-6364 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 9 • EXPL: 0

15 Oct 2020 — SAP Business Planning and Consolidation, versions 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting. • https://launchpad.support.sap.com/#/notes/2960825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Oct 2020 — SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration. • https://launchpad.support.sap.com/#/notes/2965287 • CWE-613: Insufficient Session Expiration

CVSS: 6.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

15 Oct 2020 — SAP NetWeaver Application Server Java, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session, and have a limited impact on the confidentiality and integrity of the application, leading to Reflected Cross Site Scripting. • https://launchpad.support.sap.com/#/notes/2956398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Oct 2020 — SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered if an affected web page is visited, resulting in a Cross-Site Scripting (XSS) vulnerability. • https://launchpad.support.sap.com/#/notes/2917381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Oct 2020 — SAP NetWeaver Enterprise Portal (Fiori Framework Page), versions 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. • https://launchpad.support.sap.com/#/notes/2960329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')