Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-15 | CVE-2019-0256 | Unspecified vulnerability in SAP Business ONE 1.2.12 Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2019-02-15 | CVE-2019-0255 | Improper Input Validation vulnerability in SAP products SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. | 8.1 |
| 2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2019-01-08 | CVE-2019-0249 | Unspecified vulnerability in SAP Landscape Management 3.0 Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. | 7.5 |
| 2019-01-08 | CVE-2019-0248 | Unspecified vulnerability in SAP Basis and Netweaver Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. | 5.9 |
| 2019-01-08 | CVE-2019-0247 | Code Injection vulnerability in SAP Cloud Connector SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. | 9.8 |
| 2019-01-08 | CVE-2019-0246 | Missing Authentication for Critical Function vulnerability in SAP Cloud Connector SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | 9.8 |
| 2019-01-08 | CVE-2019-0245 | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2019-01-08 | CVE-2019-0244 | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |