Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-2488 Unspecified vulnerability in SAP Fiori Client
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash.
local
low complexity
sap
7.8
2018-11-13 CVE-2018-2487 Unspecified vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
network
high complexity
sap
8.3
2018-11-13 CVE-2018-2485 Unspecified vulnerability in SAP Fiori Client
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application.
local
low complexity
sap
7.7
2018-11-13 CVE-2018-2482 Unspecified vulnerability in SAP Mobile Secure
SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-11-13 CVE-2018-2481 Improper Privilege Management vulnerability in SAP Advanced Business Application Programming
In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used.
network
low complexity
sap CWE-269
7.2
2018-11-13 CVE-2018-2478 Unspecified vulnerability in SAP Basis
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53.
network
low complexity
sap
7.2
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP Netweaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
8.8
2018-10-09 CVE-2018-2471 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.10/4.20
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2018-10-09 CVE-2018-2469 Unspecified vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2018-10-09 CVE-2018-2468 Unspecified vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5