Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-12 | CVE-2018-2428 | Unspecified vulnerability in SAP Infrastructure and UI Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. | 5.3 |
| 2018-06-12 | CVE-2018-2425 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2018-05-24 | CVE-2018-11415 | Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20 SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. | 6.1 |
| 2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.6 |
| 2018-05-09 | CVE-2018-2417 | Unspecified vulnerability in SAP Identity Management 8.0 Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | 5.3 |
| 2018-05-09 | CVE-2018-2416 | Improper Input Validation vulnerability in SAP Identity Management 7.2/8.0 SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | 5.4 |
| 2018-05-09 | CVE-2018-2415 | Encoding Error vulnerability in SAP products SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | 4.7 |
| 2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2018-04-10 | CVE-2018-2406 | Unquoted Search Path or Element vulnerability in SAP Crystal Reports Server Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | 5.3 |
| 2018-04-10 | CVE-2018-2405 | Cross-site Scripting vulnerability in SAP Solution Manager 7.10/7.20 SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | 5.4 |