Vulnerabilities > SAP

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-12-11 | CVE-2018-2486 | Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan | SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | network, low complexity, sap, CWE-79, 5.4 |
| 2018-11-13 | CVE-2018-2491 | Code Injection vulnerability in SAP Fiori Client | When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. | local, low complexity, sap, CWE-94, 7.8 |
| 2018-11-13 | CVE-2018-2490 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client | The broadcast messages received by SAP Fiori Client are not protected by permissions. | local, low complexity, sap, CWE-732, 7.8 |
| 2018-11-13 | CVE-2018-2489 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client | Locally, without any permission, an arbitrary Android application could delete the SSO configuration of SAP Fiori Client. | local, low complexity, sap, CWE-732, 7.8 |
| 2018-11-13 | CVE-2018-2488 | Unspecified vulnerability in SAP Fiori Client | It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. | local, low complexity, sap, 7.8 |
| 2018-11-13 | CVE-2018-2487 | Unspecified vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: when extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | network, high complexity, sap, 8.3 |
| 2018-11-13 | CVE-2018-2485 | Unspecified vulnerability in SAP Fiori Client | It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. | local, low complexity, sap, 7.7 |
| 2018-11-13 | CVE-2018-2483 | Improper Authentication vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 | HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | network, low complexity, sap, CWE-287, 4.3 |
| 2018-11-13 | CVE-2018-2482 | Unspecified vulnerability in SAP Mobile Secure 6.60.19942.0 | SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | network, low complexity, sap, 7.5 |
| 2018-11-13 | CVE-2018-2481 | Improper Privilege Management vulnerability in SAP Advanced Business Application Programming | In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. | network, low complexity, sap, CWE-269, 7.2 |