Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-08 | CVE-2019-0370 | XML Injection (aka Blind XPath Injection) vulnerability in SAP Financial Consolidation 10.0/10.1 Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection. | 6.5 |
2019-10-08 | CVE-2019-0369 | Cross-site Scripting vulnerability in SAP Financial Consolidation 10.0/10.1 SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | 5.4 |
2019-10-08 | CVE-2019-0368 | Cross-site Scripting vulnerability in SAP products SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | 5.4 |
2019-10-08 | CVE-2019-0367 | Missing Authorization vulnerability in SAP Netweaver Process Integration 1.0/2.0 SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. | 4.3 |
2019-09-10 | CVE-2019-0365 | Unspecified vulnerability in SAP products SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
2019-09-10 | CVE-2019-0364 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. | 4.3 |
2019-09-10 | CVE-2019-0363 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. | 7.1 |
2019-09-10 | CVE-2019-0361 | Cross-site Scripting vulnerability in SAP Supplier Relationship Management 3.73/7.31/7.32 SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-09-10 | CVE-2019-0357 | Unspecified vulnerability in SAP Hana 1.0/2.0 The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | 6.7 |
2019-09-10 | CVE-2019-0356 | Unspecified vulnerability in SAP Netweaver Process Integration 7.31/7.40/7.50 Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 4.3 |