Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6233 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-11-21 | 4.3 Medium |
| SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system. | ||||
| CVE-2020-6232 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 5.3 Medium |
| SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media. | ||||
| CVE-2020-6214 | 1 Sap | 1 S\/4hana | 2024-11-21 | 4.7 Medium |
| SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system. | ||||
| CVE-2020-6212 | 1 Sap | 2 Erp, S\/4hana | 2024-11-21 | 5.4 Medium |
| Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. | ||||
| CVE-2020-6209 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 7.5 High |
| SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | ||||
| CVE-2020-6204 | 1 Sap | 2 Treasury And Risk Management \(ea-finserv\), Treasury And Risk Management \(s4core\) | 2024-11-21 | 4.3 Medium |
| The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check. | ||||
| CVE-2020-6199 | 1 Sap | 1 Erp | 2024-11-21 | 5.4 Medium |
| The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check. | ||||
| CVE-2020-6188 | 1 Sap | 2 Erp, S\/4 Hana | 2024-11-21 | 8.8 High |
| VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. | ||||
| CVE-2020-6183 | 1 Sap | 1 Host Agent | 2024-11-21 | 6.5 Medium |
| SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability. | ||||
| CVE-2020-6168 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2024-11-21 | 7.6 High |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). | ||||
| CVE-2020-5418 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 4.3 Medium |
| Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | ||||
| CVE-2020-5396 | 1 Vmware | 2 Gemfire, Tanzu Gemfire For Virtual Machines | 2024-11-21 | 8.8 High |
| VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution. | ||||
| CVE-2020-5372 | 1 Dell | 10 Emc Powerstore 1000, Emc Powerstore 1000 Firmware, Emc Powerstore 3000 and 7 more | 2024-11-21 | 8.6 High |
| Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. | ||||
| CVE-2020-5368 | 1 Dell | 4 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 1 more | 2024-11-21 | 9.8 Critical |
| Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. | ||||
| CVE-2020-5362 | 1 Dell | 708 Chengming 3967, Chengming 3967 Firmware, Chengming 3977 and 705 more | 2024-11-21 | 7.1 High |
| Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. | ||||
| CVE-2020-5345 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2024-11-21 | 6.4 Medium |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. | ||||
| CVE-2020-5343 | 1 Dell | 1 Os Recovery Image For Microsoft Windows 10 | 2024-11-21 | 7.3 High |
| Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | ||||
| CVE-2020-5333 | 1 Rsa | 1 Archer | 2024-11-21 | 4.3 Medium |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. | ||||
| CVE-2020-5318 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 7.5 High |
| Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. | ||||
| CVE-2020-5293 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.5 Medium |
| In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. | ||||