Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-10 CVE-2018-2406 Unquoted Search Path or Element vulnerability in SAP Crystal Reports Server
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
local
low complexity
sap CWE-428
5.3
2018-04-10 CVE-2018-2405 Cross-site Scripting vulnerability in SAP Solution Manager 7.10/7.20
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4
2018-04-10 CVE-2018-2403 Unspecified vulnerability in SAP Disclosure Management 10.1
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2018-03-14 CVE-2018-2399 Cross-site Scripting vulnerability in SAP Process Monitoring Infrastructure
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
network
low complexity
sap CWE-79
6.1
2018-03-14 CVE-2018-2397 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4
2018-03-01 CVE-2018-2380 Path Traversal vulnerability in SAP Customer Relationship Management
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
network
low complexity
sap CWE-22
6.6
2018-03-01 CVE-2018-2365 Cross-site Scripting vulnerability in SAP Netweaver Portal
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-02-14 CVE-2018-2396 Unspecified vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2394 Unspecified vulnerability in SAP Internet Graphics Server
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2391 Unspecified vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.
network
low complexity
sap
6.5