Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-14 | CVE-2018-2371 | Cross-site Scripting vulnerability in SAP Netweaver Java web Application 7.50 The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-02-14 | CVE-2018-2370 | Server-Side Request Forgery (SSRF) vulnerability in SAP BI Launchpad 4.10/4.20/4.30 Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | 5.3 |
2018-02-14 | CVE-2018-2369 | Unspecified vulnerability in SAP Hana 1.00/2.00 Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. | 5.3 |
2018-02-14 | CVE-2018-2364 | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | 8.8 |
2018-01-09 | CVE-2018-2362 | Unspecified vulnerability in SAP Hana 1.00/2.00 A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | 5.3 |
2018-01-09 | CVE-2018-2361 | Incorrect Authorization vulnerability in SAP Solution Manager 7.20 In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | 8.8 |
2018-01-09 | CVE-2018-2360 | Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52 SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | 7.5 |
2017-12-12 | CVE-2017-16691 | Improper Input Validation vulnerability in SAP Business Application Software Integrated Solution SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. | 6.5 |
2017-12-12 | CVE-2017-16690 | Untrusted Search Path vulnerability in SAP Plant Connectivity 15.0/2.3 A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. | 7.8 |