Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0278 Unspecified vulnerability in SAP Netweaver Process Integration
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
network
low complexity
sap
4.3
2019-03-12 CVE-2019-0277 XXE vulnerability in SAP Hana Extended Application Services 1.0
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
network
low complexity
sap CWE-611
6.5
2019-03-12 CVE-2019-0275 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2019-03-12 CVE-2019-0271 Improper Input Validation vulnerability in SAP products
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability.
network
low complexity
sap CWE-20
6.5
2019-03-12 CVE-2019-0269 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2019-02-15 CVE-2019-0265 XXE vulnerability in SAP products
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap CWE-611
4.9
2019-02-15 CVE-2019-0262 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.10/4.20
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2019-02-15 CVE-2019-0256 Unspecified vulnerability in SAP Business ONE 1.2.12
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted.
local
low complexity
sap
5.5
2019-02-15 CVE-2019-0254 Cross-site Scripting vulnerability in SAP Disclosure Management
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2019-02-15 CVE-2019-0251 Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1