Vulnerabilities > SAP > Enable NOW > 1902
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2020-6197 | Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. | 3.3 |
| 2020-03-10 | CVE-2020-6178 | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. | 5.4 |
| 2019-12-11 | CVE-2019-0405 | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0404 | Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0403 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 9.8 |
| 2019-11-13 | CVE-2019-0385 | Cross-site Scripting vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.5 |
| 2019-08-14 | CVE-2019-0341 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Enable NOW 1902 The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. | 8.8 |