Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-13 CVE-2019-0391 Unspecified vulnerability in SAP Netweaver Application Server Java
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
4.3
2019-11-13 CVE-2019-0390 Information Exposure vulnerability in SAP Diagnostics Agent 7.2
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-200
4.3
2019-11-13 CVE-2019-0385 Cross-site Scripting vulnerability in SAP Enable NOW 10/1902
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.5
2019-11-13 CVE-2019-0382 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2.
network
low complexity
sap CWE-79
5.4
2019-10-08 CVE-2019-0381 Files or Directories Accessible to External Parties vulnerability in SAP Dynamic Tier, SAP IQ and SQL Anywhere
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
local
low complexity
sap CWE-552
5.5
2019-10-08 CVE-2019-0380 Information Exposure Through Log Files vulnerability in SAP Landscape Management 3.0
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
network
low complexity
sap CWE-532
4.9
2019-10-08 CVE-2019-0379 Missing Authentication for Critical Function vulnerability in SAP Process Integration 1.0/2.0
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
network
low complexity
sap CWE-306
5.3
2019-10-08 CVE-2019-0378 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4
2019-10-08 CVE-2019-0377 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4
2019-10-08 CVE-2019-0376 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4