Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-11 | CVE-2018-2465 | Improper Input Validation vulnerability in SAP Hana 1.0/2.0 SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. | 7.5 |
| 2018-09-11 | CVE-2018-2463 | Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. | 8.6 |
| 2018-09-11 | CVE-2018-2462 | Improper Input Validation vulnerability in SAP Netweaver In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. | 8.8 |
| 2018-09-11 | CVE-2018-2461 | Missing Authorization vulnerability in SAP People Profile 6.0 Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | 8.8 |
| 2018-09-11 | CVE-2018-2459 | Unspecified vulnerability in SAP Mobile Platform 3.0 Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | 7.5 |
| 2018-09-11 | CVE-2018-2458 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | 7.5 |
| 2018-09-11 | CVE-2018-2455 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-09-11 | CVE-2018-2454 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-08-14 | CVE-2018-2450 | SQL Injection vulnerability in SAP Maxdb 7.8/7.9 SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | 7.2 |
| 2018-08-14 | CVE-2018-2449 | Improper Authentication vulnerability in SAP Supplier Relationship Management MDM Catalog 3.73/7.31/7.32 SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. | 8.6 |