Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26828 | 1 Sap | 1 Disclosure Management | 2020-12-11 | 5.5 MEDIUM | 6.4 MEDIUM |
| SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet | |||||
| CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. | |||||
| CVE-2020-6267 | 1 Sap | 1 Disclosure Management | 2020-07-23 | 5.8 MEDIUM | 5.4 MEDIUM |
| Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | |||||
| CVE-2020-6290 | 1 Sap | 1 Disclosure Management | 2020-07-14 | 6.8 MEDIUM | 6.3 MEDIUM |
| SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | |||||
| CVE-2020-6303 | 1 Sap | 1 Disclosure Management | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | |||||
| CVE-2019-0254 | 1 Sap | 1 Disclosure Management | 2019-02-20 | 3.5 LOW | 5.4 MEDIUM |
| SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||