Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-12 | CVE-2017-16682 | Code Injection vulnerability in SAP products SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | 7.2 |
| 2017-12-12 | CVE-2017-16681 | Cross-site Scripting vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30 Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | 6.1 |
| 2017-12-12 | CVE-2017-16680 | Injection vulnerability in SAP Hana Extended Application Services 1.0 Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. | 7.5 |
| 2017-12-12 | CVE-2017-16679 | Open Redirect vulnerability in SAP Kernel URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | 6.1 |
| 2017-12-12 | CVE-2017-16678 | Server-Side Request Forgery (SSRF) vulnerability in SAP products Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | 4.7 |
| 2017-12-03 | CVE-2017-14516 | Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | 6.1 |
| 2017-10-16 | CVE-2017-15297 | Improper Authentication vulnerability in SAP Host Agent 7.21 SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. | 7.5 |
| 2017-10-16 | CVE-2017-15296 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management The Java component in SAP CRM has CSRF. | 8.8 |
| 2017-10-16 | CVE-2017-15295 | Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030 Xpress Server in SAP POS does not require authentication for read/write/delete file access. | 9.8 |
| 2017-10-16 | CVE-2017-15294 | Cross-site Scripting vulnerability in SAP Customer Relationship Management The Java administration console in SAP CRM has XSS. | 6.1 |