Vulnerabilities > SAP > Disclosure Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 5.4 |
| 2018-11-13 | CVE-2018-2487 | Unspecified vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.x can be exploited through a specially crafted zip file provided by users: when extracted in specific use cases, files within this zip file can land in locations other than the originally intended extraction point. | network | high complexity | sap | | 8.3 |
| 2018-04-10 | CVE-2018-2413 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network | low complexity | sap | CWE-862 | 8.8 |
| 2018-04-10 | CVE-2018-2412 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network | low complexity | sap | CWE-862 | 8.8 |
| 2018-04-10 | CVE-2018-2404 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | network | low complexity | sap | CWE-434 | critical 9.8 |
| 2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 | Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | network | low complexity | sap | | 6.5 |