Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | 6.5 |
| 2018-03-14 | CVE-2018-2399 | Cross-site Scripting vulnerability in SAP Process Monitoring Infrastructure Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | 6.1 |
| 2018-03-14 | CVE-2018-2397 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | 5.4 |
| 2018-03-01 | CVE-2018-2380 | Path Traversal vulnerability in SAP Customer Relationship Management SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.6 |
| 2018-03-01 | CVE-2018-2365 | Cross-site Scripting vulnerability in SAP Netweaver Portal SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-02-14 | CVE-2018-2396 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | 6.5 |
| 2018-02-14 | CVE-2018-2394 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | 6.5 |
| 2018-02-14 | CVE-2018-2391 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service. | 6.5 |
| 2018-02-14 | CVE-2018-2390 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service. | 6.5 |
| 2018-02-14 | CVE-2018-2389 | Improper Encoding or Escaping of Output vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file. | 5.7 |