Vulnerabilities (CVE)

Vendor filter

Sap Subscribe

Filter

48 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0381 1 Sap 3 Dynamic Tier, Sap Iq, Sql Anywhere 2019-10-15 2.1
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
CVE-2019-0369 1 Sap 1 Financial Consolidation 2019-10-10 3.5
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site...
CVE-2019-0374 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected...
CVE-2019-0375 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name...
CVE-2019-0376 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which...
CVE-2019-0377 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in...
CVE-2019-0378 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background...
CVE-2019-0316 1 Sap 1 Netweaver Process Integration 2019-10-10 3.5
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data...
CVE-2018-2425 1 Sap 1 Business One 2019-10-09 2.1
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
CVE-2018-2410 1 Sap 1 Business One 2019-10-09 3.5
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2405 1 Sap 1 Solution Manager 2019-10-09 3.5
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
CVE-2018-2402 1 Sap 1 Hana 2019-10-09 3.5
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the...
CVE-2018-2397 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-09 3.5
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
CVE-2018-2503 1 Sap 1 Netweaver 2019-10-03 3.3
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
CVE-2019-0353 1 Sap 1 Business One Client 2019-09-10 2.1
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
CVE-2016-6858 1 Sap 1 Hybris 2019-08-27 3.5
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9,...
CVE-2019-0318 1 Sap 1 Netweaver Application Server Java 2019-07-17 3.5
Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0307 1 Sap 1 Solution Manager 2019-06-13 2.7
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an...
CVE-2019-0308 1 Sap 1 E-commerce 2019-06-13 3.5
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be...
CVE-2019-0291 1 Sap 1 Solution Manager 2019-05-16 2.1
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.