Vulnerabilities > SAP > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-01-08 | CVE-2019-0245 | Cross-site Scripting vulnerability in SAP products | SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 5.4 |
| 2019-01-08 | CVE-2019-0244 | Cross-site Scripting vulnerability in SAP products | SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 5.4 |
| 2019-01-08 | CVE-2019-0238 | Cross-site Scripting vulnerability in SAP Hybris | SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 6.1 |
| 2018-12-11 | CVE-2018-2505 | Cross-site Scripting vulnerability in SAP Hybris | SAP Commerce does not sufficiently validate user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. | network | low complexity | sap | CWE-79 | 6.1 |
| 2018-12-11 | CVE-2018-2504 | Cross-site Scripting vulnerability in SAP NetWeaver Application Server Java | SAP NetWeaver AS Java Web Container service does not validate the HTTP host header against a whitelist, which can result in HTTP Host Header Manipulation or a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 6.1 |
| 2018-12-11 | CVE-2018-2502 | Cross-site Scripting vulnerability in SAP Business One on HANA 9.2/9.3 | TRACE method is enabled in SAP Business One Service Layer. | network | low complexity | sap | CWE-79 | 6.1 |
| 2018-12-11 | CVE-2018-2500 | Unspecified vulnerability in SAP Mobile Secure | Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | local | high complexity | sap | | 4.7 |
| 2018-12-11 | CVE-2018-2486 | Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan | SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 5.4 |
| 2018-11-13 | CVE-2018-2483 | Improper Authentication vulnerability in SAP BusinessObjects Business Intelligence 4.1/4.2 | HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | network | low complexity | sap | CWE-287 | 4.3 |
| 2018-11-13 | CVE-2018-2479 | Cross-site Scripting vulnerability in SAP BusinessObjects BI Platform 4.1/4.2 | SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | network | low complexity | sap | CWE-79 | 6.1 |