Security Vulnerabilities - CVEs Published In July 2020
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
CVSS Score
4.6
EPSS Score
0.002
Published
2020-07-14
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.
CVSS Score
9.1
EPSS Score
0.008
Published
2020-07-14
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182368.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-14
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing the HttpOnly flag, resulting in sensitive cookies without the HttpOnly flag.
CVSS Score
6.3
EPSS Score
0.002
Published
2020-07-14
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-14
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-07-14
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allow an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
CVSS Score
2.7
EPSS Score
0.004
Published
2020-07-14
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-14
SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to send a crafted request from a vulnerable web application. Such requests are usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.
CVSS Score
5.8
EPSS Score
0.001
Published
2020-07-14
SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
CVSS Score
7.7
EPSS Score
0.003
Published
2020-07-14

