Vulnerabilities > SAP > Identity Management

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-6258 Missing Authorization vulnerability in SAP Identity Management 8.0
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.
network
low complexity
sap CWE-862
4.0
2019-05-14 CVE-2019-0301 Improper Privilege Management vulnerability in SAP Identity Management 2.0
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
network
low complexity
sap CWE-269
6.5
2018-05-09 CVE-2018-2417 Unspecified vulnerability in SAP Identity Management 8.0
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.0
2018-05-09 CVE-2018-2416 Improper Input Validation vulnerability in SAP Identity Management 7.2/8.0
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-20
5.5