Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-12 | CVE-2019-0304 | Injection vulnerability in SAP products FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. | 9.8 |
| 2019-05-14 | CVE-2019-0301 | Improper Privilege Management vulnerability in SAP Identity Management 2.0 Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | 8.8 |
| 2019-05-14 | CVE-2019-0298 | Cross-site Scripting vulnerability in SAP E-Commerce SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2019-05-14 | CVE-2019-0293 | Missing Authorization vulnerability in SAP Solution Manager System 20081700/20081710/20081740 Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740). | 6.5 |
| 2019-05-14 | CVE-2019-0291 | Unspecified vulnerability in SAP Solution Manager 7.2 Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2019-05-14 | CVE-2019-0289 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | 7.1 |
| 2019-05-14 | CVE-2019-0287 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | 7.6 |
| 2019-05-14 | CVE-2019-0280 | Missing Authorization vulnerability in SAP Treasury and Risk Management SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges. | 8.8 |
| 2019-04-10 | CVE-2019-0285 | Cleartext Storage of Sensitive Information vulnerability in SAP Crystal Reports 2010 The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | 9.8 |
| 2019-04-10 | CVE-2019-0284 | XXE vulnerability in SAP Hana 1.0/2.0 SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. | 6.0 |