Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0255 | 1 Sap | 3 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl64nuc, Advanced Business Application Programming Platform Krnl64uc | 2024-08-04 | N/A |
| SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. | ||||
| CVE-2019-0271 | 1 Sap | 3 Advanced Business Application Programming Platform, Advanced Business Application Programming Server, Sap Kernel | 2024-08-04 | 6.5 Medium |
| ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. | ||||
| CVE-2019-0262 | 1 Sap | 1 Businessobjects Bi Platform | 2024-08-04 | N/A |
| SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0278 | 1 Sap | 1 Netweaver Process Integration | 2024-08-04 | N/A |
| Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | ||||
| CVE-2019-0247 | 1 Sap | 1 Cloud Connector | 2024-08-04 | N/A |
| SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
| CVE-2019-0276 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-08-04 | N/A |
| Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | ||||
| CVE-2019-0248 | 1 Sap | 2 Basis, Netweaver | 2024-08-04 | 5.9 Medium |
| Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0274 | 1 Sap | 1 Mobile Platform Sdk | 2024-08-04 | N/A |
| SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later. | ||||
| CVE-2019-0265 | 1 Sap | 5 Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2024-08-04 | N/A |
| SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. | ||||
| CVE-2019-0256 | 1 Sap | 1 Business One | 2024-08-04 | N/A |
| Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0257 | 1 Sap | 2 Netweaver Application Server Abap, Netweaver As Abap | 2024-08-04 | 8.8 High |
| Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2019-0279 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-08-04 | N/A |
| ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2019-0241 | 1 Sap | 2 Agentry Sdk, Work Manager | 2024-08-04 | N/A |
| SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2019-0244 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-08-04 | N/A |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0240 | 1 Sap | 1 Businessobjects Mobile | 2024-08-04 | N/A |
| SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. | ||||
| CVE-2019-0245 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-08-04 | N/A |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0238 | 1 Sap | 1 Hybris | 2024-08-04 | N/A |
| SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0243 | 1 Sap | 1 Bw\/4hana | 2024-08-04 | N/A |
| Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2020-26819 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-04 | 8.8 High |
| SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. | ||||
| CVE-2020-26831 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 9.6 Critical |
| SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). | ||||