Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2013-1593 Improper Validation of Array Index vulnerability in SAP Netweaver
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
network
low complexity
sap CWE-129
7.5
2020-01-14 CVE-2020-6304 Improper Input Validation vulnerability in SAP products
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.
network
low complexity
sap CWE-20
7.5
2019-12-17 CVE-2019-0384 Incorrect Authorization vulnerability in SAP products
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
network
low complexity
sap CWE-863
8.8
2019-12-17 CVE-2019-0383 Incorrect Authorization vulnerability in SAP products
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-863
8.8
2019-12-11 CVE-2019-0405 Information Exposure vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
network
low complexity
sap CWE-200
7.5
2019-12-11 CVE-2019-0404 Information Exposure Through an Error Message vulnerability in SAP Enable NOW 10/1902/1908
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
network
low complexity
sap CWE-209
7.5
2019-12-11 CVE-2019-0398 Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
network
low complexity
sap CWE-352
8.8
2019-11-13 CVE-2019-0396 Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-20
7.1
2019-11-13 CVE-2019-0389 Unspecified vulnerability in SAP Netweaver Application Server Java
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.
network
low complexity
sap
8.8
2019-11-04 CVE-2019-0350 Unspecified vulnerability in SAP Hana Database 1.00/2.00
SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service
network
low complexity
sap
7.5