Vulnerabilities (CVE)

Vendor: Sap
601 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2017-7696 | 1 Sap | 1 Sso Authentication Library | 2019-10-03 | 5.0
    SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.

CVE-2018-2461 | 1 Sap | 1 People Profile | 2019-10-03 | 6.5
    Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.

CVE-2018-2376 | 1 Sap | 1 Hana Extend Application Services | 2019-10-03 | 5.5
    In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.

CVE-2018-2494 | 1 Sap | 1 Business Application Software Integrated Solution | 2019-10-03 | 6.5
    Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.

CVE-2018-2391 | 1 Sap | 1 Internet Graphics Server | 2019-10-03 | 4.0
    Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.

CVE-2018-2459 | 1 Sap | 1 Mobile Platform | 2019-10-03 | 5.0
    Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.

CVE-2018-2455 | 1 Sap | 1 Enterprise Financial Services | 2019-10-03 | 6.5
    SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVE-2018-2396 | 1 Sap | 1 Internet Graphics Server | 2019-10-03 | 4.0
    Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.

CVE-2017-9843 | 1 Sap | 1 Netweaver Abap | 2019-10-03 | 4.0
    SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.

CVE-2018-2451 | 1 Sap | 1 Hana Extended Application Services | 2019-10-03 | 6.0
    XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources...

CVE-2017-15295 | 1 Sap | 1 Point Of Sale Xpress Server | 2019-10-03 | 10.0
    Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.

CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2019-10-03 | 7.5
    SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.

CVE-2019-0365 | 1 Sap | 5 Sap Kernel, Sap Kernel Krnl32nuc, Sap Kernel Krnl32uc and 2 more | 2019-09-11 | 7.8
    SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows...

CVE-2019-0355 | 1 Sap | 1 Netweaver Application Server Java | 2019-09-11 | 6.5
    SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An...

CVE-2019-0357 | 1 Sap | 1 Hana | 2019-09-11 | 7.2
    The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.

CVE-2019-0361 | 1 Sap | 1 Supplier Relationship Management | 2019-09-11 | 4.3
    SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVE-2019-0363 | 1 Sap | 1 Hana Extended Application Services | 2019-09-11 | 5.5
    Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.

CVE-2019-0364 | 1 Sap | 1 Hana Extended Application Services | 2019-09-11 | 4.0
    Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.

CVE-2019-0352 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-09-11 | 5.0
    In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.

CVE-2019-0353 | 1 Sap | 1 Business One Client | 2019-09-10 | 2.1
    Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.