Vulnerabilities > SAP > Enable NOW > 10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-35297 | Unspecified vulnerability in SAP Enable NOW 10 The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | 5.4 |
| 2020-03-10 | CVE-2020-6197 | Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. | 3.3 |
| 2020-03-10 | CVE-2020-6178 | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. | 5.4 |
| 2019-12-11 | CVE-2019-0405 | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0404 | Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0403 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 9.8 |
| 2019-11-13 | CVE-2019-0385 | Cross-site Scripting vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.5 |
| 2019-08-14 | CVE-2019-0340 | XXE vulnerability in SAP Enable NOW 10 The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. | 5.4 |