Filtered by vendor Sap
Subscriptions
Total
1497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2376 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | ||||
| CVE-2018-2375 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | ||||
| CVE-2018-2374 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. | ||||
| CVE-2018-2373 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | ||||
| CVE-2018-2372 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication. | ||||
| CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2024-11-21 | N/A |
| The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2370 | 1 Sap | 1 Bi Launchpad | 2024-11-21 | N/A |
| Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | ||||
| CVE-2018-2369 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. | ||||
| CVE-2018-2368 | 1 Sap | 1 Netweaver System Landscape Directory | 2024-11-21 | N/A |
| SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2018-2367 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-11-21 | N/A |
| ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
| CVE-2018-2365 | 1 Sap | 1 Netweaver Portal | 2024-11-21 | N/A |
| SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2024-11-21 | N/A |
| SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2363 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver | 2024-11-21 | N/A |
| SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. | ||||
| CVE-2018-2362 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | ||||
| CVE-2018-2361 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A |
| In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | ||||
| CVE-2018-2360 | 1 Sap | 1 Sap Kernel | 2024-11-21 | N/A |
| SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | ||||
| CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-11415 | 1 Sap | 1 Internet Transaction Server | 2024-11-21 | N/A |
| SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. | ||||