Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-2502 Cross-site Scripting vulnerability in SAP Business ONE on Hana 9.2/9.3
TRACE method is enabled in SAP Business One Service Layer .
network
low complexity
sap CWE-79
6.1
2018-12-11 CVE-2018-2500 Unspecified vulnerability in SAP Mobile Secure
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted.
local
high complexity
sap
4.7
2018-12-11 CVE-2018-2486 Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2018-11-13 CVE-2018-2483 Improper Authentication vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.
network
low complexity
sap CWE-287
4.3
2018-11-13 CVE-2018-2479 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-11-13 CVE-2018-2476 Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
network
low complexity
sap CWE-601
6.1
2018-11-13 CVE-2018-2473 Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
6.5
2018-10-09 CVE-2018-2474 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori 1.0
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server.
network
low complexity
sap CWE-352
6.5
2018-10-09 CVE-2018-2472 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1