Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-14 | CVE-2018-2399 | Cross-site Scripting vulnerability in SAP Process Monitoring Infrastructure Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | 6.1 |
| 2018-03-14 | CVE-2018-2398 | Unspecified vulnerability in SAP Business Client 6.5 Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | 7.5 |
| 2018-03-14 | CVE-2018-2397 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | 5.4 |
| 2018-03-01 | CVE-2018-2380 | Path Traversal vulnerability in SAP Customer Relationship Management SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.6 |
| 2018-03-01 | CVE-2018-2368 | Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 9.8 |
| 2018-03-01 | CVE-2018-2367 | Path Traversal vulnerability in SAP Business Application Software Integrated Solution ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 8.8 |
| 2018-03-01 | CVE-2018-2365 | Cross-site Scripting vulnerability in SAP Netweaver Portal SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-02-14 | CVE-2018-2396 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | 6.5 |
| 2018-02-14 | CVE-2018-2395 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | 8.8 |
| 2018-02-14 | CVE-2018-2394 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | 6.5 |