Vulnerabilities > SAP > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-08 CVE-2019-0247 Code Injection vulnerability in SAP Cloud Connector
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.8
2019-01-08 CVE-2019-0246 Missing Authentication for Critical Function vulnerability in SAP Cloud Connector
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
critical
9.8
2018-08-14 CVE-2018-2445 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.
network
low complexity
sap CWE-918
critical
9.6
2018-07-10 CVE-2018-2437 Unspecified vulnerability in SAP Internet Graphics Server
The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.
network
low complexity
sap
critical
9.1
2018-05-09 CVE-2018-2420 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
network
low complexity
sap CWE-434
critical
9.8
2018-05-09 CVE-2018-2418 Code Injection vulnerability in SAP Maxdb Odbc Driver
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.8
2018-04-10 CVE-2018-2404 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
network
low complexity
sap CWE-434
critical
9.8
2018-03-01 CVE-2018-2368 Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
critical
9.8
2017-12-12 CVE-2017-16684 Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-287
critical
9.8
2017-10-16 CVE-2017-15295 Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030
Xpress Server in SAP POS does not require authentication for read/write/delete file access.
network
low complexity
sap CWE-287
critical
9.8