Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-07-10 | CVE-2019-0329 | Cross-site Scripting vulnerability in SAP Information Steward 4.2 | SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-07-10 | CVE-2019-0326 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3 | SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-07-10 | CVE-2019-0325 | Missing Authorization vulnerability in SAP ERP HCM 3.0 | SAP ERP HCM (SAP_HRCES), version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. | 4.2 |
2019-07-10 | CVE-2019-0321 | Cross-site Scripting vulnerability in SAP products | ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-07-10 | CVE-2019-0318 | Unspecified vulnerability in SAP Netweaver Application Server Java | Under certain conditions, SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. | 5.3 |
2019-07-10 | CVE-2019-0281 | Cross-site Scripting vulnerability in SAP Openui5 | SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-06-14 | CVE-2019-0316 | Cross-site Scripting vulnerability in SAP Netweaver Process Integration | SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim's browser by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked into clicking on those malicious links, resulting in a reflected Cross-Site Scripting vulnerability. | 4.8 |
2019-06-14 | CVE-2019-0303 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 | SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp reflects the requested parameter errMsg into the response content without sanitization. | 6.1 |
2019-06-12 | CVE-2019-0314 | Unspecified vulnerability in SAP Inventory Manager and Work Manager | SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 5.5 |
2019-06-12 | CVE-2019-0312 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration | Several web pages provided by SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. | 5.3 |