Vulnerabilities (CVE)

601 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0298 1 Sap 1 E-commerce 2019-05-16 4.3
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP...
CVE-2019-0301 1 Sap 1 Identity Management 2019-05-16 6.5
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
CVE-2019-0280 1 Sap 1 Treasury And Risk Management 2019-05-16 6.5
SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03) does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD, resulting in...
CVE-2019-0287 1 Sap 1 Businessobjects 2019-05-16 6.8
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0289 1 Sap 1 Businessobjects 2019-05-16 5.8
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0291 1 Sap 1 Solution Manager 2019-05-16 2.1
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
CVE-2017-15294 1 Sap 1 Customer Relationship Management 2019-04-17 4.3
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
CVE-2019-0279 1 Sap 1 Business Application Software Integrated Solution 2019-04-12 6.5
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in...
CVE-2019-0278 1 Sap 1 Netweaver Process Integration 2019-04-11 4.0
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the...
CVE-2019-0282 1 Sap 1 Netweaver Process Integration 2019-04-11 5.0
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, can be accessed without user authentication, which might expose internal data like release information, Java...
CVE-2019-0283 1 Sap 1 Netweaver Process Integration 2019-04-11 5.5
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis...
CVE-2019-0284 1 Sap 1 Hana 2019-04-11 3.6
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This...
CVE-2019-0271 1 Sap 2 Advanced Business Application Programming Platform, Sap Kernel 2019-03-19 4.0
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP...
CVE-2019-0270 1 Sap 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more 2019-03-15 6.5
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22,...
CVE-2018-2416 1 Sap 1 Identity Management 2019-03-14 5.5
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
CVE-2019-0274 1 Sap 1 Mobile Platform Sdk 2019-03-14 5.0
SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later.
CVE-2019-0276 1 Sap 2 Banking Services From Sap, S/4hana Financial Products Subledger 2019-03-14 6.5
Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) perform an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.
CVE-2019-0275 1 Sap 1 Netweaver Java Application Server 2019-03-14 3.5
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.
CVE-2019-0277 1 Sap 1 Hana Extended Application Services 2019-03-13 5.5
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
CVE-2019-0265 1 Sap 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more 2019-03-13 4.0
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT,...