Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-08 CVE-2019-0248 Unspecified vulnerability in SAP Basis and Netweaver
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
network
high complexity
sap
5.9
5.9
2019-01-08 CVE-2019-0245 Cross-site Scripting vulnerability in SAP products
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
5.4
2019-01-08 CVE-2019-0244 Cross-site Scripting vulnerability in SAP products
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
5.4
2019-01-08 CVE-2019-0238 Cross-site Scripting vulnerability in SAP Hybris
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
6.1
2018-12-11 CVE-2018-2505 Cross-site Scripting vulnerability in SAP Hybris
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product.
network
low complexity
sap CWE-79
6.1
6.1
2018-12-11 CVE-2018-2504 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
6.1
2018-12-11 CVE-2018-2502 Cross-site Scripting vulnerability in SAP Business ONE on Hana 9.2/9.3
TRACE method is enabled in SAP Business One Service Layer .
network
low complexity
sap CWE-79
6.1
6.1
2018-12-11 CVE-2018-2500 Unspecified vulnerability in SAP Mobile Secure
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted.
local
high complexity
sap
4.7
4.7
2018-12-11 CVE-2018-2486 Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
5.4
2018-11-13 CVE-2018-2483 Improper Authentication vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.
network
low complexity
sap CWE-287
4.3
4.3