Vulnerabilities > SAP > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-07-10 | CVE-2018-2432 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3 | SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. | network, low complexity, sap CWE-79, 5.4 |
| 2018-07-10 | CVE-2018-2431 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | network, low complexity, sap CWE-79, 6.1 |
| 2018-06-12 | CVE-2018-2428 | Unspecified vulnerability in SAP Infrastructure and UI | Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. | network, low complexity, sap, 5.3 |
| 2018-06-12 | CVE-2018-2425 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | local, low complexity, sap, 5.5 |
| 2018-05-24 | CVE-2018-11415 | Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20 | SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. | network, low complexity, sap CWE-79, 6.1 |
| 2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore | SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network, low complexity, sap CWE-862, 4.6 |
| 2018-05-09 | CVE-2018-2417 | Unspecified vulnerability in SAP Identity Management 8.0 | Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | network, low complexity, sap, 5.3 |
| 2018-05-09 | CVE-2018-2416 | Improper Input Validation vulnerability in SAP Identity Management 7.2/8.0 | SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | network, low complexity, sap CWE-20, 5.4 |
| 2018-05-09 | CVE-2018-2415 | Encoding Error vulnerability in SAP products | SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | network, low complexity, sap CWE-172, 4.7 |
| 2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 | SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | network, low complexity, sap CWE-79, 5.4 |