Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-14 | CVE-2018-2392 | XXE vulnerability in SAP Internet Graphics Server Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | 7.5 |
| 2018-02-14 | CVE-2018-2381 | Missing Authorization vulnerability in SAP ERP Financials Information System 2.0 SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-02-14 | CVE-2018-2376 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
| 2018-02-14 | CVE-2018-2375 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
| 2018-02-14 | CVE-2018-2373 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | 7.5 |
| 2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | 8.8 |
| 2018-01-09 | CVE-2018-2361 | Incorrect Authorization vulnerability in SAP Solution Manager 7.20 In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | 8.8 |
| 2018-01-09 | CVE-2018-2360 | Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52 SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | 7.5 |
| 2017-12-12 | CVE-2017-16690 | Untrusted Search Path vulnerability in SAP Plant Connectivity 15.0/2.3 A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. | 7.8 |
| 2017-12-12 | CVE-2017-16689 | Improper Authentication vulnerability in SAP Kernel A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | 8.8 |