Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-08 | CVE-2019-0243 | Missing Authorization vulnerability in SAP Bw/4Hana 1.0. Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2019-01-08 | CVE-2019-0241 | Unspecified vulnerability in SAP Agentry SDK and Work Manager. SAP Work and Inventory Manager (Agentry_SDK, before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
2019-01-08 | CVE-2019-0240 | Unspecified vulnerability in SAP Businessobjects Mobile. The SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. | 7.5 |
2019-01-08 | CVE-2019-0238 | Cross-site Scripting vulnerability in SAP Hybris. SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-01-08 | CVE-2018-2499 | Unspecified vulnerability in SAP products. A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. | 7.5 |
2019-01-08 | CVE-2018-2484 | Missing Authorization vulnerability in SAP products. SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2018-12-11 | CVE-2018-2505 | Cross-site Scripting vulnerability in SAP Hybris. SAP Commerce does not sufficiently validate user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. | 6.1 |
2018-12-11 | CVE-2018-2504 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java. The SAP NetWeaver AS Java Web Container service does not validate the HTTP host header against a whitelist, which can result in HTTP Host Header Manipulation or a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-12-11 | CVE-2018-2503 | Missing Authorization vulnerability in SAP Netweaver Application Server Java. By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. | 7.4 |
2018-12-11 | CVE-2018-2502 | Cross-site Scripting vulnerability in SAP Business ONE on Hana 9.2/9.3. The TRACE method is enabled in SAP Business One Service Layer. | 6.1 |