Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-10 | CVE-2018-2406 | Unquoted Search Path or Element vulnerability in SAP Crystal Reports Server Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | 5.3 |
2018-04-10 | CVE-2018-2405 | Cross-site Scripting vulnerability in SAP Solution Manager 7.10/7.20 SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | 5.4 |
2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | 6.5 |
2018-03-14 | CVE-2018-2399 | Cross-site Scripting vulnerability in SAP Process Monitoring Infrastructure Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | 6.1 |
2018-03-14 | CVE-2018-2397 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | 5.4 |
2018-03-01 | CVE-2018-2380 | Path Traversal vulnerability in SAP Customer Relationship Management SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.6 |
2018-03-01 | CVE-2018-2365 | Cross-site Scripting vulnerability in SAP Netweaver Portal SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-02-14 | CVE-2018-2396 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | 6.5 |
2018-02-14 | CVE-2018-2394 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | 6.5 |
2018-02-14 | CVE-2018-2391 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service. | 6.5 |