Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-2479 | Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2 SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-11-13 | CVE-2018-2476 | Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40 Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | 6.1 |
| 2018-11-13 | CVE-2018-2473 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 6.5 |
| 2018-10-09 | CVE-2018-2474 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori 1.0 SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. | 6.5 |
| 2018-10-09 | CVE-2018-2472 | Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2 SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-10-09 | CVE-2018-2470 | Cross-site Scripting vulnerability in SAP Netweaver In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-10-09 | CVE-2018-2467 | Unspecified vulnerability in SAP Businessobjects BI Platform 4.1/4.2 In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | 5.3 |
| 2018-10-09 | CVE-2018-2466 | Cross-site Scripting vulnerability in SAP Data Services 4.2 In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2018-09-11 | CVE-2018-2464 | Cross-site Scripting vulnerability in SAP Netweaver SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-09-11 | CVE-2018-2460 | Improper Certificate Validation vulnerability in SAP Business ONE 1.2 SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. | 5.9 |