Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-14 | CVE-2018-2446 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 7.5 |
| 2018-08-14 | CVE-2018-2445 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 9.6 |
| 2018-08-14 | CVE-2018-2444 | Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation 10.0/10.1 SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-08-14 | CVE-2018-2442 | Cross-Site Request Forgery (CSRF) vulnerability in SAP products In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | 8.8 |
| 2018-08-14 | CVE-2018-2441 | Unspecified vulnerability in SAP Kernel Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. | 5.5 |
| 2018-08-02 | CVE-2017-16349 | XXE vulnerability in SAP Business Planning and Consolidation An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. | 8.1 |
| 2018-07-10 | CVE-2018-2440 | Information Exposure Through Log Files vulnerability in SAP Dynamic Authorization Management 7.7/8.5 Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | 4.4 |
| 2018-07-10 | CVE-2018-2439 | Improper Input Validation vulnerability in SAP Internet Graphics Server The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. | 5.9 |
| 2018-07-10 | CVE-2018-2438 | Unspecified vulnerability in SAP Internet Graphics Server The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
| 2018-07-10 | CVE-2018-2437 | Unspecified vulnerability in SAP Internet Graphics Server The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. | 9.1 |