Vulnerabilities (CVE)

Vendor filter

Sap Subscribe

Filter

601 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-2420 1 Sap 1 Internet Graphics Server 2019-10-09 7.5
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
CVE-2018-2419 1 Sap 3 Ea-finserv, S4core, Sapscore 2019-10-09 5.5
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2417 1 Sap 1 Identity Management 2019-10-09 5.0
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
CVE-2018-2415 1 Sap 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine 2019-10-09 4.3
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a...
CVE-2018-2413 1 Sap 1 Disclosure Management 2019-10-09 6.5
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2412 1 Sap 1 Disclosure Management 2019-10-09 6.5
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2410 1 Sap 1 Business One 2019-10-09 3.5
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2409 1 Sap 1 Cloud Platform 2019-10-09 6.5
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
CVE-2018-2408 1 Sap 1 Businessobjects 2019-10-09 7.5
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
CVE-2018-2406 1 Sap 1 Crystal Reports Server 2019-10-09 4.6
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
CVE-2018-2405 1 Sap 1 Solution Manager 2019-10-09 3.5
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
CVE-2018-2404 1 Sap 1 Disclosure Management 2019-10-09 7.5
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVE-2018-2403 1 Sap 1 Disclosure Management 2019-10-09 4.0
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a...
CVE-2018-2402 1 Sap 1 Hana 2019-10-09 3.5
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the...
CVE-2018-2399 1 Sap 1 Process Monitoring Infrastructure 2019-10-09 4.3
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
CVE-2018-2398 1 Sap 1 Business Client 2019-10-09 5.0
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
CVE-2018-2397 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-09 3.5
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
CVE-2018-2433 1 Sap 1 Sap Kernel 2019-10-03 5.0
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service,...
CVE-2018-2461 1 Sap 1 People Profile 2019-10-03 6.5
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.
CVE-2018-2484 1 Sap 4 Bank%2fcfm, Ea-finserv, S4score and 1 more 2019-10-03 6.5
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for...