Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

sap netweaver application server abap 2020 vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2020-6275
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions function...
Sap Netweaver Application Server Abap 702Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 752Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 754Sap Netweaver Application Server Abap 700Sap Netweaver Application Server Abap 710Sap Netweaver Application Server Abap 730Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 701Sap Netweaver Application Server Abap 711Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 751
6.5
CVSSv3
CVE-2020-6270
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions ...
Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 752Sap Netweaver Application Server Abap 710Sap Netweaver Application Server Abap 711Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 751Sap Netweaver Application Server Abap 75aSap Netweaver Application Server Abap 75bSap Netweaver Application Server Abap 75cSap Netweaver Application Server Abap 75dSap Netweaver Application Server Abap 75e
7.5
CVSSv3
CVE-2020-6240
SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Servi...
Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 752Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 754Sap Netweaver Application Server Abap 700Sap Netweaver Application Server Abap 710Sap Netweaver Application Server Abap 730Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 804
8.8
CVSSv3
CVE-2020-26819
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.
Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 752Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 754Sap Netweaver Application Server Abap 755Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 751Sap Netweaver Application Server Abap 782
8.8
CVSSv3
CVE-2020-26818
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing au...
Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 752Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 754Sap Netweaver Application Server Abap 755Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 751Sap Netweaver Application Server Abap 782
4.3
CVSSv3
CVE-2020-6371
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.
Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 710Sap Netweaver Application Server Abap 730Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 711Sap Netweaver Application Server Abap 740
6.1
CVSSv3
CVE-2020-26835
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an malicious user to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 752Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 754Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 751
8.8
CVSSv3
CVE-2020-6296
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an malicious user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the ...
Sap Abap Platform 7.31Sap Abap Platform 700Sap Abap Platform 701Sap Abap Platform 702Sap Abap Platform 710Sap Abap Platform 711Sap Abap Platform 751Sap Abap Platform 753Sap Abap Platform 755Sap Abap Platform 740Sap Abap Platform 750Sap Netweaver Application Server Abap 700Sap Netweaver Application Server Abap 701Sap Netweaver Application Server Abap 702Sap Netweaver Application Server Abap 710Sap Netweaver Application Server Abap 711Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 751Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 755
4.3
CVSSv3
CVE-2020-6310
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
Sap Abap Platform 7.50Sap Abap Platform 7.40Sap Abap Platform 7.31Sap Abap Platform 700Sap Abap Platform 701Sap Abap Platform 702Sap Abap Platform 710Sap Abap Platform 711Sap Abap Platform 751Sap Abap Platform 753Sap Abap Platform 755Sap Netweaver Application Server Abap 700Sap Netweaver Application Server Abap 701Sap Netweaver Application Server Abap 702Sap Netweaver Application Server Abap 710Sap Netweaver Application Server Abap 711Sap Netweaver Application Server Abap 731Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 751Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 755
4.3
CVSSv3
CVE-2020-6299
SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.
Sap Abap Platform 751Sap Abap Platform 753Sap Abap Platform 755Sap Abap Platform 740Sap Abap Platform 750Sap Abap Platform 754Sap Netweaver Application Server Abap 750Sap Netweaver Application Server Abap 753Sap Netweaver Application Server Abap 754Sap Netweaver Application Server Abap 740Sap Netweaver Application Server Abap 751Sap Netweaver Application Server Abap 755
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook