Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-10 | CVE-2019-0278 | Unspecified vulnerability in SAP Netweaver Process Integration Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | 4.3 |
| 2019-03-12 | CVE-2019-0277 | XXE vulnerability in SAP Hana Extended Application Services 1.0 SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | 6.5 |
| 2019-03-12 | CVE-2019-0275 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | 5.4 |
| 2019-03-12 | CVE-2019-0271 | Improper Input Validation vulnerability in SAP products ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. | 6.5 |
| 2019-03-12 | CVE-2019-0269 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20 SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2019-02-15 | CVE-2019-0265 | XXE vulnerability in SAP products SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 4.9 |
| 2019-02-15 | CVE-2019-0262 | Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.10/4.20 SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2019-02-15 | CVE-2019-0256 | Unspecified vulnerability in SAP Business ONE 1.2.12 Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2019-02-15 | CVE-2019-0254 | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |