Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2013-1593 | Improper Validation of Array Index vulnerability in SAP Netweaver A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. | 7.5 |
| 2020-01-14 | CVE-2020-6304 | Improper Input Validation vulnerability in SAP products Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | 7.5 |
| 2019-12-17 | CVE-2019-0384 | Incorrect Authorization vulnerability in SAP products Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | 8.8 |
| 2019-12-17 | CVE-2019-0383 | Incorrect Authorization vulnerability in SAP products Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2019-12-11 | CVE-2019-0405 | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0404 | Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 7.5 |
| 2019-12-11 | CVE-2019-0398 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | 8.8 |
| 2019-11-13 | CVE-2019-0396 | Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. | 7.1 |
| 2019-11-13 | CVE-2019-0389 | Unspecified vulnerability in SAP Netweaver Application Server Java An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. | 8.8 |
| 2019-11-04 | CVE-2019-0350 | Unspecified vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | 7.5 |