Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2019-02-15 CVE-2019-0255 Improper Input Validation vulnerability in SAP products
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly.
network
low complexity
sap CWE-20
5.5
2019-02-15 CVE-2019-0254 Cross-site Scripting vulnerability in SAP Disclosure Management
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2019-02-15 CVE-2019-0251 Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2019-01-08 CVE-2019-0249 Unspecified vulnerability in SAP Landscape Management 3.0
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.0
2019-01-08 CVE-2019-0248 Unspecified vulnerability in SAP Basis and Netweaver
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
network
sap
4.3
2019-01-08 CVE-2019-0247 Code Injection vulnerability in SAP Cloud Connector
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
7.5
2019-01-08 CVE-2019-0246 Missing Authentication for Critical Function vulnerability in SAP Cloud Connector
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
7.5
2019-01-08 CVE-2019-0245 Cross-site Scripting vulnerability in SAP products
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2019-01-08 CVE-2019-0244 Cross-site Scripting vulnerability in SAP products
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2019-01-08 CVE-2019-0243 Missing Authorization vulnerability in SAP Bw/4Hana 1.0
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5