Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2019-01-08 CVE-2019-0243 Missing Authorization vulnerability in SAP Bw/4Hana 1.0
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2019-01-08 CVE-2019-0241 Unspecified vulnerability in SAP Agentry SDK and Work Manager
SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2019-01-08 CVE-2019-0240 Unspecified vulnerability in SAP Businessobjects Mobile
SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it.
network
low complexity
sap
7.5
2019-01-08 CVE-2019-0238 Cross-site Scripting vulnerability in SAP Hybris
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2019-01-08 CVE-2018-2499 Unspecified vulnerability in SAP products
A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.
network
low complexity
sap
7.5
2019-01-08 CVE-2018-2484 Missing Authorization vulnerability in SAP products
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2018-12-11 CVE-2018-2505 Cross-site Scripting vulnerability in SAP Hybris
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product.
network
low complexity
sap CWE-79
6.1
2018-12-11 CVE-2018-2504 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-12-11 CVE-2018-2503 Missing Authorization vulnerability in SAP Netweaver Application Server Java
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected.
low complexity
sap CWE-862
7.4
2018-12-11 CVE-2018-2502 Cross-site Scripting vulnerability in SAP Business ONE on Hana 9.2/9.3
TRACE method is enabled in SAP Business One Service Layer .
network
low complexity
sap CWE-79
6.1