Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-13 | CVE-2019-0393 | SQL Injection vulnerability in SAP Quality Management An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | 4.3 |
| 2019-11-13 | CVE-2019-0391 | Unspecified vulnerability in SAP Netweaver Application Server Java Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 4.3 |
| 2019-11-13 | CVE-2019-0390 | Information Exposure vulnerability in SAP Diagnostics Agent 7.2 Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. | 4.3 |
| 2019-11-13 | CVE-2019-0385 | Cross-site Scripting vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.5 |
| 2019-11-13 | CVE-2019-0382 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. | 5.4 |
| 2019-10-08 | CVE-2019-0381 | Files or Directories Accessible to External Parties vulnerability in SAP Dynamic Tier, SAP IQ and SQL Anywhere A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | 5.5 |
| 2019-10-08 | CVE-2019-0380 | Information Exposure Through Log Files vulnerability in SAP Landscape Management 3.0 Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | 4.9 |
| 2019-10-08 | CVE-2019-0379 | Missing Authentication for Critical Function vulnerability in SAP Process Integration 1.0/2.0 SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check | 5.3 |
| 2019-10-08 | CVE-2019-0378 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | 5.4 |
| 2019-10-08 | CVE-2019-0377 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | 5.4 |