Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-14 CVE-2019-0293 Missing Authorization vulnerability in SAP Solution Manager System 20081700/20081710/20081740
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
network
low complexity
sap CWE-862
6.5
2019-05-14 CVE-2019-0291 Unspecified vulnerability in SAP Solution Manager 7.2
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
local
low complexity
sap
5.5
2019-04-10 CVE-2019-0284 XXE vulnerability in SAP Hana 1.0/2.0
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source.
local
low complexity
sap CWE-611
6.0
2019-04-10 CVE-2019-0282 Improper Authentication vulnerability in SAP Netweaver Process Integration
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names, which can be misused by the attacker.
network
low complexity
sap CWE-287
5.3
2019-04-10 CVE-2019-0278 Unspecified vulnerability in SAP Netweaver Process Integration
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
network
low complexity
sap
4.3
2019-03-12 CVE-2019-0277 XXE vulnerability in SAP Hana Extended Application Services 1.0
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
network
low complexity
sap CWE-611
6.5
2019-03-12 CVE-2019-0275 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in a cross-site scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2019-03-12 CVE-2019-0271 Improper Input Validation vulnerability in SAP products
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability.
network
low complexity
sap CWE-20
6.5
2019-03-12 CVE-2019-0269 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2019-02-15 CVE-2019-0265 XXE vulnerability in SAP products
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap CWE-611
4.9