Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-2485 Unspecified vulnerability in SAP Fiori Client
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application.
local
low complexity
sap
7.7
2018-11-13 CVE-2018-2483 Improper Authentication vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.
network
low complexity
sap CWE-287
4.3
2018-11-13 CVE-2018-2482 Unspecified vulnerability in SAP Mobile Secure
SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-11-13 CVE-2018-2481 Improper Privilege Management vulnerability in SAP Advanced Business Application Programming
In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used.
network
low complexity
sap CWE-269
7.2
2018-11-13 CVE-2018-2479 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-11-13 CVE-2018-2478 Unspecified vulnerability in SAP Basis
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53.
network
low complexity
sap
7.2
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
8.8
2018-11-13 CVE-2018-2476 Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
network
low complexity
sap CWE-601
6.1
2018-11-13 CVE-2018-2473 Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
6.5
2018-10-09 CVE-2018-2474 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori 1.0
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server.
network
low complexity
sap CWE-352
6.5