Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-2467 Unspecified vulnerability in SAP BusinessObjects BI Platform 4.1/4.2
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, when a specially crafted URL is used in a web browser such as Chrome, the system returns an error containing the path of the application server in use.
network
low complexity
sap
5.3
2018-10-09 CVE-2018-2466 Cross-site Scripting vulnerability in SAP Data Services 4.2
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2018-09-11 CVE-2018-2464 Cross-site Scripting vulnerability in SAP NetWeaver
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-09-11 CVE-2018-2460 Improper Certificate Validation vulnerability in SAP Business One 1.2
SAP Business One Android application, version 1.2, does not properly verify the certificate for HTTPS connections.
network
high complexity
sap CWE-295
5.9
2018-09-11 CVE-2018-2457 Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0
Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2018-09-11 CVE-2018-2452 Cross-site Scripting vulnerability in SAP NetWeaver Application Server Java
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-08-14 CVE-2018-2451 Insufficient Session Expiration vulnerability in SAP HANA Extended Application Services 1.0
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentionally prolonged period of validity.
network
high complexity
sap CWE-613
6.6
2018-08-14 CVE-2018-2448 Unspecified vulnerability in SAP Supplier Relationship Management MDM Catalog 3.0/7.01/7.02
Under certain conditions, the utilities functionality of SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) allows an attacker to access information about user existence which would otherwise be restricted.
network
low complexity
sap
5.3
2018-08-14 CVE-2018-2447 SQL Injection vulnerability in SAP BusinessObjects Business Intelligence 4.2
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
network
low complexity
sap CWE-89
6.5
2018-08-14 CVE-2018-2444 Cross-site Scripting vulnerability in SAP BusinessObjects Financial Consolidation 10.0/10.1
SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1