Filtered by vendor Sap
Subscribe
Total
1304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0382 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability. | |||||
| CVE-2019-0393 | 1 Sap | 1 Quality Management | 2019-11-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | |||||
| CVE-2019-0368 | 1 Sap | 2 Customer Relationship Management Bbpcrm, Customer Relationship Management S4crm | 2019-10-17 | 3.5 LOW | 5.4 MEDIUM |
| SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | |||||
| CVE-2019-0381 | 1 Sap | 3 Dynamic Tier, Sap Iq, Sql Anywhere | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | |||||
| CVE-2019-0370 | 1 Sap | 1 Financial Consolidation | 2019-10-11 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection. | |||||
| CVE-2019-0369 | 1 Sap | 1 Financial Consolidation | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | |||||
| CVE-2019-0374 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | |||||
| CVE-2019-0375 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | |||||
| CVE-2019-0376 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0377 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0378 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0367 | 1 Sap | 1 Netweaver Process Integration | 2019-10-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. | |||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2018-2421 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | |||||
| CVE-2018-2419 | 1 Sap | 3 Ea-finserv, S4core, Sapscore | 2019-10-09 | 5.5 MEDIUM | 4.6 MEDIUM |
| SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2415 | 1 Sap | 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine | 2019-10-09 | 4.3 MEDIUM | 4.7 MEDIUM |
| SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | |||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | |||||
| CVE-2018-2413 | 1 Sap | 1 Disclosure Management | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2404 | 1 Sap | 1 Disclosure Management | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | |||||