Filtered by vendor Sap
Total: 1493 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-2454 | 1 Sap | 1 Enterprise Financial Services | 2024-08-05 | N/A |
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2465 | 1 Sap | 1 Hana | 2024-08-05 | N/A |
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash. | ||||
CVE-2018-2436 | 1 Sap | 1 R/3 Enterprise Retail | 2024-08-05 | N/A |
Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-05 | 6.1 Medium |
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | ||||
CVE-2018-2450 | 1 Sap | 1 Maxdb | 2024-08-05 | N/A |
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | ||||
CVE-2018-2447 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | N/A |
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | ||||
CVE-2018-2439 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash. | ||||
CVE-2018-2442 | 1 Sap | 2 Businessobjects Business Intelligence, Internet Graphics Server | 2024-08-05 | N/A |
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | ||||
CVE-2018-2433 | 1 Sap | 1 Sap Kernel | 2024-08-05 | N/A |
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
CVE-2018-2455 | 1 Sap | 1 Enterprise Financial Services | 2024-08-05 | N/A |
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-05 | N/A |
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2018-2445 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | N/A |
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | ||||
CVE-2018-2449 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2024-08-05 | N/A |
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on Windows machines to do SMB relaying. | ||||
CVE-2018-2419 | 1 Sap | 3 Ea-finserv, S4core, Sapscore | 2024-08-05 | N/A |
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2446 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | 7.5 High |
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | ||||
CVE-2018-2469 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-05 | N/A |
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2478 | 1 Sap | 1 Basis | 2024-08-05 | N/A |
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. | ||||
CVE-2018-2432 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | 5.4 Medium |
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. | ||||
CVE-2018-2434 | 1 Sap | 3 Netweaver, Ui Infra, User Interface Technology | 2024-08-05 | N/A |
A content spoofing vulnerability in the following components allows rendering HTML pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. | ||||
CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2024-08-05 | N/A |
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. |