Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2457 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-05 | N/A |
| Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | ||||
| CVE-2018-2440 | 1 Sap | 1 Dynamic Authorization Management | 2024-08-05 | N/A |
| Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | ||||
| CVE-2018-2444 | 1 Sap | 1 Businessobjects Financial Consolidation | 2024-08-05 | N/A |
| SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2024-08-05 | N/A |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2492 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-05 | 7.1 High |
| SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | ||||
| CVE-2018-2502 | 1 Sap | 1 Business One On Hana | 2024-08-05 | N/A |
| TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3). | ||||
| CVE-2018-2467 | 1 Sap | 1 Businessobjects Bi Platform | 2024-08-05 | N/A |
| In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | ||||
| CVE-2018-2464 | 1 Sap | 1 Netweaver | 2024-08-05 | N/A |
| SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2451 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed. | ||||
| CVE-2018-2497 | 1 Sap | 1 Hana | 2024-08-05 | N/A |
| The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | ||||
| CVE-2018-2490 | 1 Sap | 1 Fiori Client | 2024-08-05 | N/A |
| The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
| CVE-2018-2488 | 1 Sap | 1 Fiori Client | 2024-08-05 | N/A |
| It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
| CVE-2018-2471 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-05 | N/A |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2018-2489 | 1 Sap | 1 Fiori Client | 2024-08-05 | N/A |
| Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
| CVE-2018-2479 | 1 Sap | 1 Businessobjects Bi Platform | 2024-08-05 | N/A |
| SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2473 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | N/A |
| SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2018-2474 | 1 Sap | 1 Fiori | 2024-08-05 | N/A |
| SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection. | ||||
| CVE-2018-2448 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2024-08-05 | N/A |
| Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | ||||
| CVE-2018-2476 | 1 Sap | 1 Netweaver | 2024-08-05 | N/A |
| Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | ||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | N/A |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||