Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2370 | 1 Sap | 1 Bi Launchpad | 2024-08-05 | N/A |
| Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | ||||
| CVE-2018-2385 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
| Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | ||||
| CVE-2018-2363 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver | 2024-08-05 | N/A |
| SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. | ||||
| CVE-2018-2380 | 1 Sap | 1 Customer Relationship Management | 2024-08-05 | N/A |
| SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
| CVE-2018-2368 | 1 Sap | 1 Netweaver System Landscape Directory | 2024-08-05 | N/A |
| SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2018-2375 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | ||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
| Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
| CVE-2018-2377 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users. | ||||
| CVE-2018-2382 | 1 Sap | 1 Internet Graphics Server | 2024-08-05 | N/A |
| A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise. | ||||
| CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2024-08-05 | N/A |
| The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2361 | 1 Sap | 1 Solution Manager | 2024-08-05 | N/A |
| In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | ||||
| CVE-2018-2362 | 1 Sap | 1 Hana | 2024-08-05 | N/A |
| A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | ||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2024-08-05 | N/A |
| SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2360 | 1 Sap | 1 Sap Kernel | 2024-08-05 | N/A |
| SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | ||||
| CVE-2018-2373 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | ||||
| CVE-2018-2372 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication. | ||||
| CVE-2018-2367 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-08-05 | N/A |
| ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
| CVE-2018-2365 | 1 Sap | 1 Netweaver Portal | 2024-08-05 | N/A |
| SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0384 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-08-04 | 8.8 High |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | ||||
| CVE-2019-0380 | 1 Sap | 1 Landscape Management | 2024-08-04 | 4.9 Medium |
| Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | ||||