cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-6240,https://securityvulnerability.io/vulnerability/CVE-2020-6240,,"SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service",SAP,"SAP Netweaver As Abap (web Dynpro Abap) (SAP Ui),SAP Netweaver As Abap (web Dynpro Abap) (SAP Basis)",5.3,MEDIUM,0.0012400000123307109,false,false,false,false,,false,false,2020-05-12T17:46:58.000Z,0
CVE-2020-6205,https://securityvulnerability.io/vulnerability/CVE-2020-6205,,"SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.",SAP,SAP Netweaver Application Server Abap (smart Forms) - SAP Basis,6.1,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-03-10T20:20:21.000Z,0
CVE-2020-6185,https://securityvulnerability.io/vulnerability/CVE-2020-6185,,"Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.",SAP,"SAP Netweaver (SAP Basis),SAP S/4hana (SAP Basis)",5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-02-12T19:56:20.000Z,0
CVE-2020-6181,https://securityvulnerability.io/vulnerability/CVE-2020-6181,,"Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.",SAP,"SAP Netweaver (SAP Basis),SAP Abap Platform (SAP Basis)",5.8,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-02-12T19:46:52.000Z,0
CVE-2019-0328,https://securityvulnerability.io/vulnerability/CVE-2019-0328,,"ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.",SAP,SAP Netweaver Process Integration Abap Tests (SAP Basis),7.2,HIGH,0.01042999979108572,false,false,false,false,,false,false,2019-07-10T19:10:37.000Z,0
CVE-2018-2494,https://securityvulnerability.io/vulnerability/CVE-2018-2494,,"Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.",SAP,"SAP Basis (as Abap Of SAP Netweaver),SAP Basis (abap Platform)",8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2018-12-11T23:00:00.000Z,0
CVE-2016-4551,https://securityvulnerability.io/vulnerability/CVE-2016-4551,,"The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.",SAP,"Netweaver,SAP Aba,SAP Basis",7.5,HIGH,0.0027600000612437725,false,false,false,false,,false,false,2016-10-05T16:00:00.000Z,0
CVE-2007-3496,https://securityvulnerability.io/vulnerability/CVE-2007-3496,,"Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.",SAP,"Netweaver Nw04,SAP Basis Component 700,Netweaver Nw04s,SAP Basis Component 640",,,0.005869999993592501,false,false,false,false,,false,false,2007-06-29T18:00:00.000Z,0