Vulnerabilities > SAP > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-0402 | Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. | 2.1 |
| 2019-11-13 | CVE-2019-0382 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. | 3.5 |
| 2019-11-13 | CVE-2019-0385 | Cross-site Scripting vulnerability in SAP Enable NOW 1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2019-10-08 | CVE-2019-0368 | Cross-site Scripting vulnerability in SAP products SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | 3.5 |
| 2019-10-08 | CVE-2019-0369 | Cross-site Scripting vulnerability in SAP Financial Consolidation 10.0/10.1 SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | 3.5 |
| 2019-10-08 | CVE-2019-0374 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | 3.5 |
| 2019-10-08 | CVE-2019-0375 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0376 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0377 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0378 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | 3.5 |