Filtered by vendor Sap
Total: 1493 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-2394 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | ||||
CVE-2018-2408 | 1 Sap | 1 Businessobjects | 2024-08-05 | N/A |
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. | ||||
CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-05 | N/A |
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | ||||
CVE-2018-2412 | 1 Sap | 1 Disclosure Management | 2024-08-05 | N/A |
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2398 | 1 Sap | 1 Business Client | 2024-08-05 | N/A |
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-08-05 | N/A |
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | ||||
CVE-2018-2404 | 1 Sap | 1 Disclosure Management | 2024-08-05 | N/A |
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | ||||
CVE-2018-2393 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | ||||
CVE-2018-2391 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service. | ||||
CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
CVE-2018-2384 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | ||||
CVE-2018-2387 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise. | ||||
CVE-2018-2392 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | ||||
CVE-2018-2389 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file. | ||||
CVE-2018-2374 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. | ||||
CVE-2018-2381 | 1 Sap | 1 Erp Financials Information System | 2024-08-05 | N/A |
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2390 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service. | ||||
CVE-2018-2386 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
CVE-2018-2376 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | ||||
CVE-2018-2369 | 1 Sap | 1 Hana | 2024-08-05 | N/A |
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. |