Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-10 | CVE-2018-2413 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-04-10 | CVE-2018-2412 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2018-04-10 | CVE-2018-2409 | Session Fixation vulnerability in SAP Cloud Platform 2.0 Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). | 8.8 |
| 2018-04-10 | CVE-2018-2408 | Session Fixation vulnerability in SAP Businessobjects Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. | 7.3 |
| 2018-04-10 | CVE-2018-2406 | Unquoted Search Path or Element vulnerability in SAP Crystal Reports Server Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | 5.3 |
| 2018-04-10 | CVE-2018-2405 | Cross-site Scripting vulnerability in SAP Solution Manager 7.10/7.20 SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | 5.4 |
| 2018-04-10 | CVE-2018-2404 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | 9.8 |
| 2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | 6.5 |
| 2018-03-14 | CVE-2018-2402 | Information Exposure vulnerability in SAP Hana 1.00/2.00 In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. | 8.4 |