Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-11 | CVE-2018-2500 | Unspecified vulnerability in SAP Mobile Secure: Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | 4.7 |
2018-12-11 | CVE-2018-2497 | Unspecified vulnerability in SAP Hana 1.0/2.0: The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | 2.7 |
2018-12-11 | CVE-2018-2494 | Incorrect Authorization vulnerability in SAP Business Application Software Integrated Solution: Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform. | 8.0 |
2018-12-11 | CVE-2018-2492 | XXE vulnerability in SAP NetWeaver Application Server Java: SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. | 7.1 |
2018-12-11 | CVE-2018-2486 | Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan: SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2018-11-13 | CVE-2018-2491 | Code Injection vulnerability in SAP Fiori Client: When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. | 7.8 |
2018-11-13 | CVE-2018-2490 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client: The broadcast messages received by SAP Fiori Client are not protected by permissions. | 7.8 |
2018-11-13 | CVE-2018-2489 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client: Locally, without any permission, an arbitrary Android application could delete the SSO configuration of SAP Fiori Client. | 7.8 |
2018-11-13 | CVE-2018-2488 | Unspecified vulnerability in SAP Fiori Client: It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. | 7.8 |
2018-11-13 | CVE-2018-2487 | Unspecified vulnerability in SAP Disclosure Management 10.1: SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | 8.3 |