Vulnerabilities > SAP > Business Intelligence Promotion Management Application

DATE CVE VULNERABILITY TITLE RISK
2017-12-12 CVE-2017-16684 Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-287
critical
 9.8
9.8
2017-12-12 CVE-2017-16681 Cross-site Scripting vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
network
low complexity
sap CWE-79
6.1
6.1