Filtered by vendor Sap
Subscribe
Total
1487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2417 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | |||||
| CVE-2018-2415 | 1 Sap | 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | |||||
| CVE-2018-2413 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2412 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 3.8 LOW |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2409 | 1 Sap | 1 Cloud Platform | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform. | |||||
| CVE-2018-2408 | 1 Sap | 1 Businessobjects | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. | |||||
| CVE-2018-2406 | 1 Sap | 1 Crystal Reports Server | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | |||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | |||||
| CVE-2018-2404 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 7.5 HIGH | 4.3 MEDIUM |
| SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | |||||
| CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. | |||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | |||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | |||||
| CVE-2018-2398 | 1 Sap | 1 Business Client | 2024-11-21 | 5.0 MEDIUM | 6.7 MEDIUM |
| Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | |||||
| CVE-2018-2396 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | |||||
| CVE-2018-2395 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | |||||
| CVE-2018-2394 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | |||||
| CVE-2018-2393 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | |||||