Filtered by vendor Sap
Total: 1493 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-0376 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 5.4 Medium |
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | ||||
CVE-2019-0370 | 1 Sap | 1 Financial Consolidation | 2024-08-04 | 6.5 Medium |
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection. | ||||
CVE-2019-0379 | 1 Sap | 1 Process Integration | 2024-08-04 | 5.3 Medium |
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check. | ||||
CVE-2019-0402 | 1 Sap | 1 Adaptive Server Enterprise | 2024-08-04 | 4.4 Medium |
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. | ||||
CVE-2019-0398 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 8.8 High |
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send an unintended request to the web server, leading to Cross Site Request Forgery. | ||||
CVE-2019-0385 | 1 Sap | 1 Enable Now | 2024-08-04 | 6.5 Medium |
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2019-0251 | 1 Sap | 1 Businessobjects | 2024-08-04 | N/A |
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2019-0361 | 1 Sap | 1 Supplier Relationship Management | 2024-08-04 | 6.1 Medium |
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2019-0281 | 1 Sap | 1 Openui5 | 2024-08-04 | N/A |
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2019-0268 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-04 | N/A |
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. | ||||
CVE-2019-0343 | 1 Sap | 1 Commerce Cloud | 2024-08-04 | N/A |
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | ||||
CVE-2019-0346 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-04 | N/A |
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure. | ||||
CVE-2019-0282 | 1 Sap | 1 Netweaver Process Integration | 2024-08-04 | N/A |
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. | ||||
CVE-2019-0364 | 1 Sap | 1 Hana Extended Application Services | 2024-08-04 | 4.3 Medium |
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. | ||||
CVE-2019-0331 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-04 | N/A |
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. | ||||
CVE-2019-0353 | 1 Sap | 1 Business One Client | 2024-08-04 | 3.3 Low |
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2019-0363 | 1 Sap | 1 Hana Extended Application Services | 2024-08-04 | 7.1 High |
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. | ||||
CVE-2019-0368 | 1 Sap | 2 Customer Relationship Management Bbpcrm, Customer Relationship Management S4crm | 2024-08-04 | 5.4 Medium |
SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | ||||
CVE-2019-0275 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 5.4 Medium |
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | ||||
CVE-2019-0329 | 1 Sap | 1 Information Steward | 2024-08-04 | N/A |
SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |