Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0304 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2024-08-04 | N/A |
| FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application. | ||||
| CVE-2019-0289 | 1 Sap | 1 Businessobjects | 2024-08-04 | N/A |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0298 | 1 Sap | 1 E-commerce | 2024-08-04 | N/A |
| SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54. | ||||
| CVE-2019-0266 | 1 Sap | 1 Hana Extended Application Services | 2024-08-04 | N/A |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | ||||
| CVE-2019-0293 | 1 Sap | 1 Sap Solution Manager System | 2024-08-04 | N/A |
| Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740). | ||||
| CVE-2019-0267 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2024-08-04 | N/A |
| SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | ||||
| CVE-2019-0303 | 1 Sap | 1 Businessobjects | 2024-08-04 | N/A |
| SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed. | ||||
| CVE-2019-0301 | 1 Sap | 1 Identity Management | 2024-08-04 | N/A |
| Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | ||||
| CVE-2019-0249 | 1 Sap | 1 Landscape Management | 2024-08-04 | N/A |
| Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0254 | 1 Sap | 1 Disclosure Management | 2024-08-04 | N/A |
| SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0283 | 1 Sap | 1 Netweaver Process Integration | 2024-08-04 | N/A |
| SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document. | ||||
| CVE-2019-0259 | 1 Sap | 1 Businessobjects | 2024-08-04 | N/A |
| SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | ||||
| CVE-2019-0291 | 1 Sap | 1 Solution Manager | 2024-08-04 | N/A |
| Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0261 | 1 Sap | 1 Landscape Management | 2024-08-04 | N/A |
| Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). | ||||
| CVE-2019-0285 | 1 Sap | 1 Crystal Reports | 2024-08-04 | N/A |
| The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | ||||
| CVE-2019-0284 | 1 Sap | 1 Hana | 2024-08-04 | N/A |
| SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files. | ||||
| CVE-2019-0270 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2024-08-04 | N/A |
| ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04. | ||||
| CVE-2019-0246 | 1 Sap | 1 Cloud Connector | 2024-08-04 | N/A |
| SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2019-0287 | 1 Sap | 1 Businessobjects | 2024-08-04 | N/A |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0277 | 1 Sap | 1 Hana Extended Application Services | 2024-08-04 | N/A |
| SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | ||||