Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-07-10 | CVE-2018-2432 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3 | SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. | 5.4 |
2018-07-10 | CVE-2018-2431 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-06-12 | CVE-2018-2428 | Unspecified vulnerability in SAP Infrastructure and UI | Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. | 5.3 |
2018-06-12 | CVE-2018-2425 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 5.5 |
2018-05-24 | CVE-2018-11415 | Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20 | SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. | 6.1 |
2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore | SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.6 |
2018-05-09 | CVE-2018-2417 | Unspecified vulnerability in SAP Identity Management 8.0 | Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | 5.3 |
2018-05-09 | CVE-2018-2416 | Improper Input Validation vulnerability in SAP Identity Management 7.2/8.0 | SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | 5.4 |
2018-05-09 | CVE-2018-2415 | Encoding Error vulnerability in SAP products | SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | 4.7 |
2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 | SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | 5.4 |