Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Identity Management
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6258 1 Sap 1 Identity Management 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.
CVE-2019-0301 1 Sap 1 Identity Management 2024-11-21 6.5 MEDIUM 8.8 HIGH
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
CVE-2018-2417 1 Sap 1 Identity Management 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
CVE-2018-2416 1 Sap 1 Identity Management 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.