Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-09 | CVE-2018-2421 | Unspecified vulnerability in SAP Internet Graphics Server SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 7.5 |
| 2018-04-10 | CVE-2018-2413 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-04-10 | CVE-2018-2412 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-04-10 | CVE-2018-2409 | Session Fixation vulnerability in SAP Cloud Platform 2.0 Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). | 8.8 |
| 2018-04-10 | CVE-2018-2408 | Session Fixation vulnerability in SAP Businessobjects Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. | 7.3 |
| 2018-03-14 | CVE-2018-2402 | Information Exposure vulnerability in SAP Hana 1.00/2.00 In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. | 8.4 |
| 2018-03-14 | CVE-2018-2398 | Unspecified vulnerability in SAP Business Client 6.5 Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | 7.5 |
| 2018-03-01 | CVE-2018-2367 | Path Traversal vulnerability in SAP Business Application Software Integrated Solution ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 8.8 |
| 2018-02-14 | CVE-2018-2395 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | 8.8 |
| 2018-02-14 | CVE-2018-2393 | XXE vulnerability in SAP Internet Graphics Server Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | 7.5 |