Vulnerabilities > SAP > Enable NOW > 10

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-35297 Unspecified vulnerability in SAP Enable NOW 10
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
network
low complexity
sap
5.4
2020-03-10 CVE-2020-6197 Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner.
local
low complexity
sap CWE-613
3.3
2020-03-10 CVE-2020-6178 Information Exposure vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL.
network
low complexity
sap CWE-200
5.4
2019-12-11 CVE-2019-0405 Information Exposure vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
network
low complexity
sap CWE-200
7.5
2019-12-11 CVE-2019-0404 Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
network
low complexity
sap CWE-209
7.5
2019-12-11 CVE-2019-0403 Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
network
low complexity
sap CWE-1236
critical
9.8
2019-11-13 CVE-2019-0385 Cross-site Scripting vulnerability in SAP Enable NOW 10/1902
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.5
2019-08-14 CVE-2019-0340 XXE vulnerability in SAP Enable NOW 10
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability.
network
low complexity
sap CWE-611
5.4