Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-11 | CVE-2018-2452 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | 6.1 |
2018-08-14 | CVE-2018-2451 | Insufficient Session Expiration vulnerability in SAP Hana Extended Application Services 1.0 XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. | 6.6 |
2018-08-14 | CVE-2018-2448 | Unspecified vulnerability in SAP Supplier Relationship Management MDM Catalog 3.0/7.01/7.02 Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | 5.3 |
2018-08-14 | CVE-2018-2447 | SQL Injection vulnerability in SAP Businessobjects Business Intelligence 4.2 SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | 6.5 |
2018-08-14 | CVE-2018-2444 | Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation 10.0/10.1 SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-08-14 | CVE-2018-2441 | Unspecified vulnerability in SAP Kernel Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. | 5.5 |
2018-07-10 | CVE-2018-2440 | Information Exposure Through Log Files vulnerability in SAP Dynamic Authorization Management 7.7/8.5 Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | 4.4 |
2018-07-10 | CVE-2018-2439 | Improper Input Validation vulnerability in SAP Internet Graphics Server The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. | 5.9 |
2018-07-10 | CVE-2018-2435 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-07-10 | CVE-2018-2434 | Insufficient Verification of Data Authenticity vulnerability in SAP Netweaver, UI Infra and User Interface Technology A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). | 4.3 |