Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-11-13 | CVE-2018-2485 | Unspecified vulnerability in SAP Fiori Client | It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. | 7.7 |
2018-11-13 | CVE-2018-2483 | Improper Authentication vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 | HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | 4.3 |
2018-11-13 | CVE-2018-2482 | Unspecified vulnerability in SAP Mobile Secure | SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
2018-11-13 | CVE-2018-2481 | Improper Privilege Management vulnerability in SAP Advanced Business Application Programming | In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. | 7.2 |
2018-11-13 | CVE-2018-2479 | Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2 | SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-11-13 | CVE-2018-2478 | Unspecified vulnerability in SAP Basis | An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. | 7.2 |
2018-11-13 | CVE-2018-2477 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver | Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. | 8.8 |
2018-11-13 | CVE-2018-2476 | Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40 | Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | 6.1 |
2018-11-13 | CVE-2018-2473 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 | SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 6.5 |
2018-10-09 | CVE-2018-2474 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori 1.0 | SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. | 6.5 |