Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2018-07-10 CVE-2018-2427 Code Injection vulnerability in SAP products
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
8.8
2018-06-12 CVE-2018-2428 Unspecified vulnerability in SAP Infrastructure and UI
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.3
2018-06-12 CVE-2018-2425 Unspecified vulnerability in SAP Business ONE 9.2/9.3
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
local
low complexity
sap
5.5
2018-06-12 CVE-2018-2424 Improper Input Validation vulnerability in SAP products
SAP UI5 did not validate user input before adding it to the DOM structure.
network
low complexity
sap CWE-20
7.5
2018-05-24 CVE-2018-11415 Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs.
network
low complexity
sap CWE-79
6.1
2018-05-09 CVE-2018-2423 Unspecified vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-05-09 CVE-2018-2422 Unspecified vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-05-09 CVE-2018-2421 Unspecified vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-05-09 CVE-2018-2420 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
network
low complexity
sap CWE-434
critical
9.8
2018-05-09 CVE-2018-2419 Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
4.6