Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-10 | CVE-2018-2434 | Insufficient Verification of Data Authenticity vulnerability in SAP Netweaver, UI Infra and User Interface Technology A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). | 4.3 |
| 2018-07-10 | CVE-2018-2432 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. | 5.4 |
| 2018-07-10 | CVE-2018-2431 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20 SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-06-12 | CVE-2018-2428 | Unspecified vulnerability in SAP Infrastructure and UI Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. | 5.3 |
| 2018-06-12 | CVE-2018-2425 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2018-05-24 | CVE-2018-11415 | Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20 SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. | 6.1 |
| 2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.6 |
| 2018-05-09 | CVE-2018-2417 | Unspecified vulnerability in SAP Identity Management 8.0 Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | 5.3 |
| 2018-05-09 | CVE-2018-2416 | Improper Input Validation vulnerability in SAP Identity Management 7.2/8.0 SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | 5.4 |
| 2018-05-09 | CVE-2018-2415 | Encoding Error vulnerability in SAP products SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | 4.7 |