Vulnerabilities > SAP > Enable NOW

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-34692 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Enable NOW
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files.
network
low complexity
sap CWE-434
4.6
2023-07-11 CVE-2023-33988 Cross-site Scripting vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.
network
low complexity
sap CWE-79
6.1
2023-07-11 CVE-2023-36918 Cross-site Scripting vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
network
low complexity
sap CWE-79
6.1
2023-07-11 CVE-2023-36919 Intentional Information Exposure vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.
network
low complexity
sap CWE-213
5.3
2022-10-11 CVE-2022-35297 Cross-site Scripting vulnerability in SAP Enable NOW 10
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
network
low complexity
sap CWE-79
5.4
2021-06-09 CVE-2021-27637 Unspecified vulnerability in SAP Enable NOW 1.0/10.0
Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.
low complexity
sap
4.6
2020-03-10 CVE-2020-6197 Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner.
local
low complexity
sap CWE-613
3.3
2020-03-10 CVE-2020-6178 Information Exposure vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL.
network
low complexity
sap CWE-200
5.4
2019-12-11 CVE-2019-0405 Information Exposure vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
network
low complexity
sap CWE-200
7.5
2019-12-11 CVE-2019-0404 Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
network
low complexity
sap CWE-209
7.5