Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-14 | CVE-2019-0293 | Missing Authorization vulnerability in SAP Solution Manager System 20081700/20081710/20081740 Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740). | 6.5 |
2019-05-14 | CVE-2019-0291 | Unspecified vulnerability in SAP Solution Manager 7.2 Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. | 5.5 |
2019-04-10 | CVE-2019-0284 | XXE vulnerability in SAP Hana 1.0/2.0 SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. | 6.0 |
2019-04-10 | CVE-2019-0282 | Improper Authentication vulnerability in SAP Netweaver Process Integration Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker. | 5.3 |
2019-04-10 | CVE-2019-0278 | Unspecified vulnerability in SAP Netweaver Process Integration Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | 4.3 |
2019-03-12 | CVE-2019-0277 | XXE vulnerability in SAP Hana Extended Application Services 1.0 SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | 6.5 |
2019-03-12 | CVE-2019-0275 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | 5.4 |
2019-03-12 | CVE-2019-0271 | Improper Input Validation vulnerability in SAP products ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. | 6.5 |
2019-03-12 | CVE-2019-0269 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20 SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2019-02-15 | CVE-2019-0265 | XXE vulnerability in SAP products SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 4.9 |