Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-14 CVE-2018-2441 Unspecified vulnerability in SAP Kernel
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
network
low complexity
sap
5.5
2018-07-10 CVE-2018-2440 Information Exposure Through Log Files vulnerability in SAP Dynamic Authorization Management 7.7/8.5
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.
local
low complexity
sap CWE-532
4.4
2018-07-10 CVE-2018-2439 Improper Input Validation vulnerability in SAP Internet Graphics Server
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests.
network
high complexity
sap CWE-20
5.9
2018-07-10 CVE-2018-2435 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-07-10 CVE-2018-2434 Insufficient Verification of Data Authenticity vulnerability in SAP Netweaver, UI Infra and User Interface Technology
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52).
network
low complexity
sap CWE-345
4.3
2018-07-10 CVE-2018-2432 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user.
network
low complexity
sap CWE-79
5.4
2018-07-10 CVE-2018-2431 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-06-12 CVE-2018-2428 Unspecified vulnerability in SAP Infrastructure and UI
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.3
2018-06-12 CVE-2018-2425 Unspecified vulnerability in SAP Business ONE 9.2/9.3
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
local
low complexity
sap
5.5
2018-05-24 CVE-2018-11415 Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs.
network
low complexity
sap CWE-79
6.1