Vulnerabilities > SAP

DATE | CVE | VULNERABILITY TITLE | RISK

2019-02-15 | CVE-2019-0265 | XXE vulnerability in SAP products | 4.9
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network, low complexity, sap, CWE-611

2019-02-15 | CVE-2019-0262 | Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.10/4.20 | 5.4
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.
network, low complexity, sap, CWE-79

2019-02-15 | CVE-2019-0261 | Missing Authentication for Critical Function vulnerability in SAP Landscape Management 3.0 | critical 9.8
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users.
network, low complexity, sap, CWE-306

2019-02-15 | CVE-2019-0259 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects 4.2/4.3 | critical 9.8
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
network, low complexity, sap, CWE-434

2019-02-15 | CVE-2019-0258 | Missing Authorization vulnerability in SAP Disclosure Management 10.01 | 8.8
SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network, low complexity, sap, CWE-862

2019-02-15 | CVE-2019-0257 | Missing Authorization vulnerability in SAP products | 8.8
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network, low complexity, sap, CWE-862

2019-02-15 | CVE-2019-0256 | Unspecified vulnerability in SAP Business ONE 1.2.12 | 5.5
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted.
local, low complexity, sap

2019-02-15 | CVE-2019-0255 | Improper Input Validation vulnerability in SAP products | 8.1
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly.
network, low complexity, sap, CWE-20

2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management | 5.4
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network, low complexity, sap, CWE-79

2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 | 6.1
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network, low complexity, sap, CWE-79