Filtered by vendor Sap
Subscribe
Total
1304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2423 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2422 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2019-10-09 | 3.5 LOW | 8.4 HIGH |
| In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | |||||
| CVE-2018-2412 | 1 Sap | 1 Disclosure Management | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2424 | 1 Sap | 4 Hana Database, Ui, Ui5 and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 | |||||
| CVE-2018-2420 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | |||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2409 | 1 Sap | 1 Cloud Platform | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform. | |||||
| CVE-2018-2408 | 1 Sap | 1 Businessobjects | 2019-10-09 | 7.5 HIGH | 7.3 HIGH |
| Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. | |||||
| CVE-2018-2406 | 1 Sap | 1 Crystal Reports Server | 2019-10-09 | 4.6 MEDIUM | 5.3 MEDIUM |
| Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | |||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | |||||
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2019-10-09 | 6.8 MEDIUM | N/A |
| HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | |||||
| CVE-2018-2434 | 1 Sap | 3 Netweaver, Ui Infra, User Interface Technology | 2019-10-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. | |||||
| CVE-2018-2436 | 1 Sap | 1 R\/3 Enterprise Retail | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2017-5997 | 1 Sap | 1 Sap Kernel | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. | |||||
| CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | |||||
| CVE-2017-15293 | 1 Sap | 1 Point Of Sale Xpress Server | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064. | |||||
| CVE-2017-7696 | 1 Sap | 1 Sso Authentication Library | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | |||||
| CVE-2017-15295 | 1 Sap | 1 Point Of Sale Xpress Server | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. | |||||
| CVE-2017-8914 | 1 Sap | 1 Hana Xs | 2019-10-02 | 7.5 HIGH | 8.3 HIGH |
| sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | |||||