Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2019-06-12 CVE-2019-0304 Injection vulnerability in SAP products
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application.
network
low complexity
sap CWE-74
critical
9.8
2019-05-14 CVE-2019-0301 Improper Privilege Management vulnerability in SAP Identity Management 2.0
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
network
low complexity
sap CWE-269
8.8
2019-05-14 CVE-2019-0298 Cross-site Scripting vulnerability in SAP E-Commerce
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2019-05-14 CVE-2019-0293 Missing Authorization vulnerability in SAP Solution Manager System 20081700/20081710/20081740
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
network
low complexity
sap CWE-862
6.5
2019-05-14 CVE-2019-0291 Unspecified vulnerability in SAP Solution Manager 7.2
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
local
low complexity
sap
5.5
2019-05-14 CVE-2019-0289 Unspecified vulnerability in SAP Businessobjects 4.2/4.3
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.1
2019-05-14 CVE-2019-0287 Unspecified vulnerability in SAP Businessobjects 4.2/4.3
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.6
2019-05-14 CVE-2019-0280 Missing Authorization vulnerability in SAP Treasury and Risk Management
SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2019-04-10 CVE-2019-0285 Cleartext Storage of Sensitive Information vulnerability in SAP Crystal Reports 2010
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
network
low complexity
sap CWE-312
critical
9.8
2019-04-10 CVE-2019-0284 XXE vulnerability in SAP Hana 1.0/2.0
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source.
local
low complexity
sap CWE-611
6.0