Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2020-02-12

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%AMDPPCupload and then creating a symbolic link in %PROGRAMDATA%AMDPPCtemp that points to an arbitrary folder with an arbitr…

PUBLISHED: 2020-02-12

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.

PUBLISHED: 2020-02-12

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.

PUBLISHED: 2020-02-12

SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.

PUBLISHED: 2020-02-12

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

Source link

Write a comment:

Your email address will not be published.