Vulnerabilities > SAP > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2019-02-15 | CVE-2019-0256 | Unspecified vulnerability in SAP Business ONE 1.2.12 Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 2.1 |
2019-02-15 | CVE-2019-0262 | Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.10/4.20 SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2019-01-08 | CVE-2019-0244 | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2019-01-08 | CVE-2019-0245 | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2018-12-11 | CVE-2018-2486 | Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2018-12-11 | CVE-2018-2500 | Unspecified vulnerability in SAP Mobile Secure Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. local sap | 1.9 |
2018-12-11 | CVE-2018-2503 | Missing Authorization vulnerability in SAP Netweaver Application Server Java By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. | 3.3 |
2018-10-09 | CVE-2018-2466 | Cross-site Scripting vulnerability in SAP Data Services 4.2 In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2018-07-10 | CVE-2018-2440 | Information Exposure Through Log Files vulnerability in SAP Dynamic Authorization Management 7.7/8.5 Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | 2.1 |