Vulnerabilities > SAP > Enable NOW
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-33988 | Cross-site Scripting vulnerability in SAP Enable NOW. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information. | 6.1 |
2023-07-11 | CVE-2023-36918 | Cross-site Scripting vulnerability in SAP Enable NOW. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information. | 6.1 |
2023-07-11 | CVE-2023-36919 | Improper Encoding or Escaping of Output vulnerability in SAP Enable NOW. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure. | 5.3 |
2022-10-11 | CVE-2022-35297 | Cross-site Scripting vulnerability in SAP Enable NOW 10. The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | 5.4 |
2021-06-09 | CVE-2021-27637 | Unspecified vulnerability in SAP Enable NOW 1.0/10.0. Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure. | 1.9 |
2020-03-10 | CVE-2020-6197 | Insufficient Session Expiration vulnerability in SAP Enable NOW 1902. SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. | 2.1 |
2020-03-10 | CVE-2020-6178 | Insufficient Session Expiration vulnerability in SAP Enable NOW 1902/1908. SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. | 5.5 |
2019-12-11 | CVE-2019-0405 | Information Exposure vulnerability in SAP Enable NOW 1902/1908. SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 5.0 |
2019-12-11 | CVE-2019-0404 | Information Exposure Through an Error Message vulnerability in SAP Enable NOW 1902/1908. SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 5.0 |
2019-12-11 | CVE-2019-0403 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 1902/1908. SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 7.5 |