Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2018-09-11 CVE-2018-2462 Improper Input Validation vulnerability in SAP Netweaver
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31.
network
low complexity
sap CWE-20
8.8
2018-09-11 CVE-2018-2461 Missing Authorization vulnerability in SAP People Profile 6.0
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.
network
low complexity
sap CWE-862
8.8
2018-09-11 CVE-2018-2460 Improper Certificate Validation vulnerability in SAP Business ONE 1.2
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection.
network
high complexity
sap CWE-295
5.9
2018-09-11 CVE-2018-2459 Unspecified vulnerability in SAP Mobile Platform 3.0
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.
network
low complexity
sap
7.5
2018-09-11 CVE-2018-2458 Unspecified vulnerability in SAP Business ONE 9.2/9.3
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2018-09-11 CVE-2018-2457 Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0
Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2018-09-11 CVE-2018-2455 Missing Authorization vulnerability in SAP Enterprise Financial Services
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2018-09-11 CVE-2018-2454 Missing Authorization vulnerability in SAP Enterprise Financial Services
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2018-09-11 CVE-2018-2452 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-08-14 CVE-2018-2451 Insufficient Session Expiration vulnerability in SAP Hana Extended Application Services 1.0
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity.
network
high complexity
sap CWE-613
6.6