Vulnerabilities > SAP > Disclosure Management > Medium

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2022-12-13 | CVE-2022-41274 | Incorrect Authorization vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management, version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. | 6.5; network; low complexity; sap; CWE-863 |
| 2020-12-09 | CVE-2020-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management, version 10.1, provides capabilities for authorized users to upload and download content of specific file type. | 6.4; network; low complexity; sap; CWE-434 |
| 2020-07-14 | CVE-2020-6290 | Session Fixation vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | 6.3; network; low complexity; sap; CWE-384 |
| 2020-07-14 | CVE-2020-6267 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Disclosure Management 10.1 | Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing the HttpOnly flag, leading to a sensitive cookie without the HttpOnly flag. | 5.4; network; low complexity; sap; CWE-732 |
| 2020-01-14 | CVE-2020-6303 | Cross-site Scripting vulnerability in SAP Disclosure Management | SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases, leading to Cross-Site Scripting. | 5.4; network; low complexity; sap; CWE-79 |
| 2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 5.4; network; low complexity; sap; CWE-79 |
| 2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 | Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | 6.5; network; low complexity; sap |