Filtered by vendor Sap
Subscriptions
Total
1497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0249 | 1 Sap | 1 Landscape Management | 2024-11-21 | N/A |
| Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0248 | 1 Sap | 2 Basis, Netweaver | 2024-11-21 | 5.9 Medium |
| Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2019-0247 | 1 Sap | 1 Cloud Connector | 2024-11-21 | N/A |
| SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
| CVE-2019-0246 | 1 Sap | 1 Cloud Connector | 2024-11-21 | N/A |
| SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2019-0245 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-11-21 | N/A |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0244 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-11-21 | N/A |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2019-0243 | 1 Sap | 1 Bw\/4hana | 2024-11-21 | N/A |
| Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2019-0241 | 1 Sap | 2 Agentry Sdk, Work Manager | 2024-11-21 | N/A |
| SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2019-0240 | 1 Sap | 1 Businessobjects Mobile | 2024-11-21 | N/A |
| SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. | ||||
| CVE-2019-0238 | 1 Sap | 1 Hybris | 2024-11-21 | N/A |
| SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2505 | 1 Sap | 1 Hybris | 2024-11-21 | N/A |
| SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7). | ||||
| CVE-2018-2504 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | ||||
| CVE-2018-2503 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.4 High |
| By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). | ||||
| CVE-2018-2502 | 1 Sap | 1 Business One On Hana | 2024-11-21 | N/A |
| TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3). | ||||
| CVE-2018-2500 | 1 Sap | 1 Mobile Secure | 2024-11-21 | N/A |
| Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2018-2499 | 1 Sap | 2 Financial Consolidation Cube Designer, Financial Consolidation Cube Designer Bobj Eades | 2024-11-21 | N/A |
| A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. | ||||
| CVE-2018-2497 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | ||||
| CVE-2018-2494 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-11-21 | N/A |
| Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform. | ||||
| CVE-2018-2492 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.1 High |
| SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | ||||
| CVE-2018-2491 | 1 Sap | 1 Fiori Client | 2024-11-21 | N/A |
| When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||