Vulnerabilities (CVE)

Vendor filter

Sap

590 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0365 1 Sap 5 Sap Kernel, Sap Kernel Krnl32nuc, Sap Kernel Krnl32uc and 2 more 2019-09-11 7.8
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows...
CVE-2019-0355 1 Sap 1 Netweaver Application Server Java 2019-09-11 6.5
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An...
CVE-2019-0356 1 Sap 1 Netweaver Process Integration 2019-09-11 4.0
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
CVE-2019-0357 1 Sap 1 Hana 2019-09-11 7.2
The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.
CVE-2019-0361 1 Sap 1 Supplier Relationship Management 2019-09-11 4.3
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2019-0363 1 Sap 1 Hana Extended Application Services 2019-09-11 5.5
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.
CVE-2019-0364 1 Sap 1 Hana Extended Application Services 2019-09-11 4.0
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.
CVE-2019-0352 1 Sap 1 Businessobjects Business Intelligence Platform 2019-09-11 5.0
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout.
CVE-2019-0353 1 Sap 1 Business One Client 2019-09-10 2.1
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0333 1 Sap 1 Businessobjects Business Intelligence 2019-08-28 4.0
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their...
CVE-2016-6858 1 Sap 1 Hybris 2019-08-27 3.5
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9,...
CVE-2014-8871 1 Sap 1 Hybris 2019-08-27 5.0
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.
CVE-2019-0331 1 Sap 1 Businessobjects Business Intelligence 2019-08-26 5.0
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure.
CVE-2019-0344 1 Sap 1 Commerce Cloud 2019-08-26 7.5
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
CVE-2019-0341 1 Sap 1 Enable Now 2019-08-26 4.0
The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to...
CVE-2019-0338 1 Sap 1 Gateway 2019-08-26 5.0
During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.
CVE-2019-0337 1 Sap 1 Netweaver Process Integration 2019-08-26 4.3
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in...
CVE-2019-0335 1 Sap 1 Businessobjects Business Intelligence 2019-08-26 4.3
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is...
CVE-2019-0349 1 Sap 1 Advanced Business Application Programming Platform Kernel 2019-08-23 6.5
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73,...
CVE-2019-0351 1 Sap 1 Netweaver 2019-08-23 6.5
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete...