Security Vulnerabilities - CVEs Published In January 2021
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-01-12
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-01-12
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at least user authorization of the Operating System user of the victim.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-01-12
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVSS Score
4.3
EPSS Score
0.005
Published
2021-01-12
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVSS Score
4.3
EPSS Score
0.005
Published
2021-01-12
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVSS Score
4.3
EPSS Score
0.005
Published
2021-01-12
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVSS Score
4.3
EPSS Score
0.005
Published
2021-01-12
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-01-12
Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-01-12
The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.
CVSS Score
2.7
EPSS Score
0.003
Published
2021-01-12