Vulnerabilities > SAP > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-02-15 | CVE-2019-0259 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects 4.2/4.3 | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | network | low complexity | sap | CWE-434 | 7.5 |
| 2019-02-15 | CVE-2019-0257 | Missing Authorization vulnerability in SAP products | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network | low complexity | sap | CWE-862 | 8.8 |
| 2019-01-08 | CVE-2019-0247 | Code Injection vulnerability in SAP Cloud Connector | SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. | network | low complexity | sap | CWE-94 | 7.5 |
| 2019-01-08 | CVE-2019-0246 | Missing Authentication for Critical Function vulnerability in SAP Cloud Connector | SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | network | low complexity | sap | CWE-306 | 7.5 |
| 2018-08-14 | CVE-2018-2449 | Improper Authentication vulnerability in SAP Supplier Relationship Management MDM Catalog 3.73/7.31/7.32 | SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. | network | low complexity | sap | CWE-287 | 7.5 |
| 2018-08-02 | CVE-2017-16349 | XXE vulnerability in SAP Business Planning and Consolidation | An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. | network | low complexity | sap | CWE-611 | 8.1 |
| 2018-05-09 | CVE-2018-2420 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Internet Graphics Server | SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | network | low complexity | sap | CWE-434 | 7.5 |
| 2018-05-09 | CVE-2018-2418 | Code Injection vulnerability in SAP Maxdb Odbc Driver | SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. | network | low complexity | sap | CWE-94 | 7.5 |
| 2018-04-10 | CVE-2018-2408 | Session Fixation vulnerability in SAP Businessobjects | Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. | network | low complexity | sap | CWE-384 | 7.5 |
| 2018-04-10 | CVE-2018-2404 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | network | low complexity | sap | CWE-434 | 7.5 |