Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2019-0322 | Unspecified vulnerability in SAP Commerce Cloud SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
| 2019-07-10 | CVE-2019-0319 | Injection vulnerability in SAP Gateway and UI5 The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. | 7.5 |
| 2019-06-12 | CVE-2019-0315 | Unspecified vulnerability in SAP Netweaver Process Integration Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. | 7.5 |
| 2019-05-14 | CVE-2019-0301 | Improper Privilege Management vulnerability in SAP Identity Management 2.0 Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | 8.8 |
| 2019-05-14 | CVE-2019-0289 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | 7.1 |
| 2019-05-14 | CVE-2019-0287 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | 7.6 |
| 2019-05-14 | CVE-2019-0280 | Missing Authorization vulnerability in SAP Treasury and Risk Management SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges. | 8.8 |
| 2019-04-10 | CVE-2019-0283 | Authentication Bypass by Spoofing vulnerability in SAP Netweaver Process Integration SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. | 7.1 |
| 2019-04-10 | CVE-2019-0279 | Missing Authorization vulnerability in SAP Business Application Software Integrated Solution ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2019-03-12 | CVE-2019-0276 | Incorrect Authorization vulnerability in SAP products Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | 8.8 |