Vulnerabilities > SAP > Disclosure Management > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-41274 | Incorrect Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. | 6.5 |
| 2020-12-09 | CVE-2020-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. | 6.4 |
| 2020-07-14 | CVE-2020-6290 | Session Fixation vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | 6.3 |
| 2020-07-14 | CVE-2020-6267 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Disclosure Management 10.1 Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | 5.4 |
| 2020-01-14 | CVE-2020-6303 | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | 5.4 |
| 2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | 6.5 |