Vulnerabilities (CVE)

Vendor filter: Sap

601 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0381 1 Sap 3 Dynamic Tier, Sap Iq, Sql Anywhere 2019-10-15 2.1
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
CVE-2019-0380 1 Sap 1 Landscape Management 2019-10-15 4.0
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters' default values to be part of the application logs leading to Information Disclosure.
CVE-2019-0379 1 Sap 1 Process Integration 2019-10-15 5.0
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check.
CVE-2019-0370 1 Sap 1 Financial Consolidation 2019-10-11 6.4
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
CVE-2019-0369 1 Sap 1 Financial Consolidation 2019-10-10 3.5
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site...
CVE-2019-0374 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected...
CVE-2019-0375 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name...
CVE-2019-0376 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which...
CVE-2019-0377 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in...
CVE-2019-0378 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background...
CVE-2019-0367 1 Sap 1 Netweaver Process Integration 2019-10-10 4.0
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
CVE-2019-0356 1 Sap 1 Netweaver Process Integration 2019-10-10 4.0
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
CVE-2019-0349 1 Sap 1 Advanced Business Application Programming Platform Kernel 2019-10-10 6.5
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73,...
CVE-2019-0316 1 Sap 1 Netweaver Process Integration 2019-10-10 3.5
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data...
CVE-2018-2428 1 Sap 2 Infrastructure, Ui 2019-10-09 5.0
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
CVE-2018-2425 1 Sap 1 Business One 2019-10-09 2.1
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
CVE-2018-2424 1 Sap 4 Hana Database, Ui, Ui5 and 1 more 2019-10-09 5.0
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database...
CVE-2018-2423 1 Sap 1 Internet Graphics Server 2019-10-09 5.0
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2422 1 Sap 1 Internet Graphics Server 2019-10-09 5.0
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2421 1 Sap 1 Internet Graphics Server 2019-10-09 5.0
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.