Vulnerabilities (CVE)

414 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0380 1 Sap 1 Landscape Management 2019-10-15 4.0
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters' default values to be part of the application logs leading to Information Disclosure.
CVE-2019-0379 1 Sap 1 Process Integration 2019-10-15 5.0
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check.
CVE-2019-0370 1 Sap 1 Financial Consolidation 2019-10-11 6.4
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
CVE-2019-0367 1 Sap 1 Netweaver Process Integration 2019-10-10 4.0
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
CVE-2019-0356 1 Sap 1 Netweaver Process Integration 2019-10-10 4.0
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
CVE-2019-0349 1 Sap 1 Advanced Business Application Programming Platform Kernel 2019-10-10 6.5
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73,...
CVE-2018-2428 1 Sap 2 Infrastructure, Ui 2019-10-09 5.0
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
CVE-2018-2424 1 Sap 4 Hana Database, Ui, Ui5 and 1 more 2019-10-09 5.0
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database...
CVE-2018-2423 1 Sap 1 Internet Graphics Server 2019-10-09 5.0
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2422 1 Sap 1 Internet Graphics Server 2019-10-09 5.0
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2421 1 Sap 1 Internet Graphics Server 2019-10-09 5.0
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2419 1 Sap 3 Ea-finserv, S4core, Sapscore 2019-10-09 5.5
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2417 1 Sap 1 Identity Management 2019-10-09 5.0
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
CVE-2018-2415 1 Sap 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine 2019-10-09 4.3
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a...
CVE-2018-2413 1 Sap 1 Disclosure Management 2019-10-09 6.5
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2412 1 Sap 1 Disclosure Management 2019-10-09 6.5
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2409 1 Sap 1 Cloud Platform 2019-10-09 6.5
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
CVE-2018-2406 1 Sap 1 Crystal Reports Server 2019-10-09 4.6
Unquoted Windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
CVE-2018-2403 1 Sap 1 Disclosure Management 2019-10-09 4.0
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a...
CVE-2018-2399 1 Sap 1 Process Monitoring Infrastructure 2019-10-09 4.3
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.