Vulnerabilities > SAP > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-08 | CVE-2019-0247 | Code Injection vulnerability in SAP Cloud Connector: SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. | 9.8 |
2019-01-08 | CVE-2019-0246 | Missing Authentication for Critical Function vulnerability in SAP Cloud Connector: SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | 9.8 |
2018-08-14 | CVE-2018-2445 | Server-Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects Business Intelligence 4.1/4.2: AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 9.6 |
2018-07-10 | CVE-2018-2437 | Unspecified vulnerability in SAP Internet Graphics Server: The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. | 9.1 |
2018-05-09 | CVE-2018-2420 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Internet Graphics Server: SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | 9.8 |
2018-05-09 | CVE-2018-2418 | Code Injection vulnerability in SAP MaxDB ODBC Driver: SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. | 9.8 |
2018-04-10 | CVE-2018-2404 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1: SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | 9.8 |
2018-03-01 | CVE-2018-2368 | Missing Authentication for Critical Function vulnerability in SAP NetWeaver System Landscape Directory: SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 9.8 |
2017-12-12 | CVE-2017-16684 | Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30: SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | 9.8 |
2017-10-16 | CVE-2017-15295 | Improper Authentication vulnerability in SAP Point of Sale Xpress Server 1020/1030: Xpress Server in SAP POS does not require authentication for read/write/delete file access. | 9.8 |