Vulnerabilities > SAP > Enable NOW
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-13 | CVE-2019-0385 | Cross-site Scripting vulnerability in SAP Enable NOW 1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2019-08-14 | CVE-2019-0341 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Enable NOW 1902 The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. | 4.0 |
2019-08-14 | CVE-2019-0340 | XXE vulnerability in SAP Enable NOW The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. | 5.5 |