Filtered by vendor Sap
Total: 1493 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2018-2482 | 1 Sap | 1 Mobile Secure | 2024-08-05 | N/A | SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018.
CVE-2018-2437 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A | The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.
CVE-2018-2485 | 1 Sap | 1 Fiori Client | 2024-08-05 | N/A | It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVE-2018-2477 | 1 Sap | 1 Netweaver | 2024-08-05 | N/A | Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2459 | 1 Sap | 1 Mobile Platform | 2024-08-05 | N/A | Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.
CVE-2018-2460 | 1 Sap | 1 Business One | 2024-08-05 | N/A | SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connections. This allows an attacker to perform a MITM attack.
CVE-2018-2487 | 1 Sap | 1 Disclosure Management | 2024-08-05 | N/A | SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
CVE-2018-2494 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-08-05 | N/A | Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
CVE-2018-2425 | 1 Sap | 1 Business One | 2024-08-05 | N/A | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
CVE-2018-2463 | 1 Sap | 1 Hybris | 2024-08-05 | N/A | The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.
CVE-2018-2481 | 1 Sap | 1 Advanced Business Application Programming | 2024-08-05 | N/A | In some SAP standard roles, in SAP_ABA versions 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customers is used. By implementing such a transaction code a malicious user may execute unauthorized transaction functionality.
CVE-2018-2468 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-05 | N/A | Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
CVE-2018-2458 | 1 Sap | 1 Business One | 2024-08-05 | N/A | Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted.
CVE-2018-2484 | 1 Sap | 4 Bank/cfm, Ea-finserv, S4core and 1 more | 2024-08-05 | 8.8 High | SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2466 | 1 Sap | 1 Data Services | 2024-08-05 | N/A | In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2491 | 1 Sap | 1 Fiori Client | 2024-08-05 | N/A | When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case the user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVE-2018-2413 | 1 Sap | 1 Disclosure Management | 2024-08-05 | N/A | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2483 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | N/A | HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing the request method.
CVE-2018-2462 | 1 Sap | 1 Netweaver | 2024-08-05 | N/A | In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2486 | 1 Sap | 2 Marketing Sapscore, Marketing Uicuan | 2024-08-05 | N/A | SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.