Filtered by vendor Sap
Subscribe
Total
1485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2471 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2469 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2468 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2467 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | |||||
| CVE-2018-2466 | 1 Sap | 1 Data Services | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2465 | 1 Sap | 1 Hana | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash. | |||||
| CVE-2018-2464 | 1 Sap | 1 Netweaver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2463 | 1 Sap | 1 Hybris | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | |||||
| CVE-2018-2462 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | |||||
| CVE-2018-2461 | 1 Sap | 1 People Profile | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | |||||
| CVE-2018-2460 | 1 Sap | 1 Business One | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. | |||||
| CVE-2018-2459 | 1 Sap | 1 Mobile Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | |||||
| CVE-2018-2458 | 1 Sap | 1 Business One | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2457 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | |||||
| CVE-2018-2455 | 1 Sap | 1 Enterprise Financial Services | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2454 | 1 Sap | 1 Enterprise Financial Services | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2018-2451 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed. | |||||
| CVE-2018-2450 | 1 Sap | 1 Maxdb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | |||||