Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2017-12-03 CVE-2017-14516 Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.
network
low complexity
sap CWE-79
6.1
2017-10-16 CVE-2017-15297 Improper Authentication vulnerability in SAP Host Agent 7.21
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint.
network
low complexity
sap CWE-287
7.5
2017-10-16 CVE-2017-15296 Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management
The Java component in SAP CRM has CSRF.
network
low complexity
sap CWE-352
8.8
2017-10-16 CVE-2017-15295 Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for read/write/delete file access.
network
low complexity
sap CWE-287
critical
9.8
2017-10-16 CVE-2017-15294 Cross-site Scripting vulnerability in SAP Customer Relationship Management
The Java administration console in SAP CRM has XSS.
network
low complexity
sap CWE-79
6.1
2017-10-16 CVE-2017-15293 Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials.
network
low complexity
sap CWE-287
critical
9.8
2017-09-29 CVE-2017-10701 Cross-site Scripting vulnerability in SAP Enterprise Portal
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
network
low complexity
sap CWE-79
6.1
2017-09-19 CVE-2017-14581 Unspecified vulnerability in SAP Netweaver Application Server Java
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
network
low complexity
sap
7.5
2017-09-17 CVE-2017-14511 Improper Input Validation vulnerability in SAP E-Recruiting
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617.
network
low complexity
sap CWE-20
7.5
2017-09-06 CVE-2015-7241 XXE vulnerability in SAP Netweaver 4.0/6.4/7.0
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
network
low complexity
sap CWE-611
critical
9.8