Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-09 | CVE-2018-2418 | Code Injection vulnerability in SAP Maxdb Odbc Driver SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. | 7.5 |
| 2018-04-10 | CVE-2018-2408 | Session Fixation vulnerability in SAP Businessobjects Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. | 7.5 |
| 2018-04-10 | CVE-2018-2404 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | 7.5 |
| 2018-03-01 | CVE-2018-2368 | Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 7.5 |
| 2018-02-14 | CVE-2018-2376 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
| 2018-02-14 | CVE-2018-2375 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
| 2018-02-14 | CVE-2018-2373 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | 7.5 |
| 2017-12-12 | CVE-2017-16684 | Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30 SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | 7.5 |
| 2017-12-12 | CVE-2017-16680 | Injection vulnerability in SAP Hana Extended Application Services 1.0 Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. | 7.5 |
| 2017-09-06 | CVE-2015-7241 | XXE vulnerability in SAP Netweaver 4.0/6.4/7.0 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 7.5 |