Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2019-0329 Cross-site Scripting vulnerability in SAP Information Steward 4.2
SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2019-07-10 CVE-2019-0328 OS Command Injection vulnerability in SAP Netweaver Process Integration
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights.
network
low complexity
sap CWE-78
7.2
2019-07-10 CVE-2019-0327 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
network
low complexity
sap CWE-434
7.2
2019-07-10 CVE-2019-0326 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2019-07-10 CVE-2019-0325 Missing Authorization vulnerability in SAP ERP HCM 3.0
SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area.
network
high complexity
sap CWE-862
4.2
2019-07-10 CVE-2019-0322 Unspecified vulnerability in SAP Commerce Cloud
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2019-07-10 CVE-2019-0321 Cross-site Scripting vulnerability in SAP products
ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2019-07-10 CVE-2019-0319 Injection vulnerability in SAP Gateway and UI5
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message.
network
low complexity
sap CWE-74
7.5
2019-07-10 CVE-2019-0318 Unspecified vulnerability in SAP Netweaver Application Server Java
Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted.
network
high complexity
sap
5.3
2019-07-10 CVE-2019-0281 Cross-site Scripting vulnerability in SAP Openui5
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1