Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-2472 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2471 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.10/4.20
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2469 Unspecified vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2018-10-09 CVE-2018-2468 Unspecified vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2018-10-09 CVE-2018-2467 Unspecified vulnerability in SAP Businessobjects BI Platform 4.1/4.2
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.
network
low complexity
sap
5.3
2018-10-09 CVE-2018-2466 Cross-site Scripting vulnerability in SAP Data Services 4.2
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2018-09-11 CVE-2018-2465 Improper Input Validation vulnerability in SAP Hana 1.0/2.0
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML.
network
low complexity
sap CWE-20
7.5
2018-09-11 CVE-2018-2464 Cross-site Scripting vulnerability in SAP Netweaver
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-09-11 CVE-2018-2463 Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks.
network
low complexity
sap CWE-918
8.6