Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2018-01-09 CVE-2018-2362 Unspecified vulnerability in SAP Hana 1.00/2.00
In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.
network
low complexity
sap
5.3
2018-01-09 CVE-2018-2361 Incorrect Authorization vulnerability in SAP Solution Manager 7.20
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
network
low complexity
sap CWE-863
8.8
2018-01-09 CVE-2018-2360 Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52
SAP Startup Service in SAP KERNEL 7.45, 7.49, and 7.52 is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
network
low complexity
sap CWE-306
7.5
2017-12-12 CVE-2017-16691 Improper Input Validation vulnerability in SAP Business Application Software Integrated Solution
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'.
network
low complexity
sap CWE-20
6.5
2017-12-12 CVE-2017-16690 Untrusted Search Path vulnerability in SAP Plant Connectivity 15.0/2.3
A malicious DLL preload attack is possible on NwSapSetup and the installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0.
local
low complexity
sap CWE-426
7.8
2017-12-12 CVE-2017-16689 Improper Authentication vulnerability in SAP Kernel
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
network
low complexity
sap CWE-287
8.8
2017-12-12 CVE-2017-16687 Information Exposure vulnerability in SAP Hana Database 1.00/2.00
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts.
network
low complexity
sap CWE-200
5.3
2017-12-12 CVE-2017-16685 Cross-site Scripting vulnerability in SAP Business Warehouse Universal Data Integration
Cross-site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user-controlled inputs.
network
low complexity
sap CWE-79
6.1
2017-12-12 CVE-2017-16684 Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-287
critical
9.8
2017-12-12 CVE-2017-16683 Unspecified vulnerability in SAP Businessobjects 4.10/4.20
Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
6.5