Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2020-6305 | Cross-site Scripting vulnerability in SAP Process Integration 7.31/7.40/7.50 PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-01-14 | CVE-2020-6304 | Improper Input Validation vulnerability in SAP products Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | 7.5 |
| 2020-01-14 | CVE-2020-6303 | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | 5.4 |
| 2019-12-17 | CVE-2019-0384 | Incorrect Authorization vulnerability in SAP products Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | 8.8 |
| 2019-12-17 | CVE-2019-0383 | Incorrect Authorization vulnerability in SAP products Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2019-12-11 | CVE-2019-0405 | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0404 | Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0403 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 9.8 |
| 2019-12-11 | CVE-2019-0402 | Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. | 4.4 |
| 2019-12-11 | CVE-2019-0399 | Unspecified vulnerability in SAP Portfolio and Project Management SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure. | 6.5 |