Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-13 | CVE-2019-0382 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. | 5.4 |
| 2019-11-04 | CVE-2019-0350 | Unspecified vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | 7.5 |
| 2019-10-08 | CVE-2019-0381 | Files or Directories Accessible to External Parties vulnerability in SAP Dynamic Tier, SAP IQ and SQL Anywhere A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | 5.5 |
| 2019-10-08 | CVE-2019-0380 | Information Exposure Through Log Files vulnerability in SAP Landscape Management 3.0 Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | 4.9 |
| 2019-10-08 | CVE-2019-0379 | Missing Authentication for Critical Function vulnerability in SAP Process Integration 1.0/2.0 SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check | 5.3 |
| 2019-10-08 | CVE-2019-0378 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0377 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0376 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0375 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0374 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | 5.4 |