Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-12 CVE-2017-16687 Information Exposure vulnerability in SAP Hana Database 1.00/2.00
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts.
network
low complexity
sap CWE-200
5.3
2017-12-12 CVE-2017-16685 Cross-site Scripting vulnerability in SAP Business Warehouse Universal Data Integration
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
network
low complexity
sap CWE-79
6.1
2017-12-12 CVE-2017-16683 Unspecified vulnerability in SAP Businessobjects 4.10/4.20
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
6.5
2017-12-12 CVE-2017-16681 Cross-site Scripting vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
network
low complexity
sap CWE-79
6.1
2017-12-12 CVE-2017-16679 Open Redirect vulnerability in SAP Kernel
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
network
low complexity
sap CWE-601
6.1
2017-12-12 CVE-2017-16678 Server-Side Request Forgery (SSRF) vulnerability in SAP products
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
network
low complexity
sap CWE-918
4.7
2017-12-03 CVE-2017-14516 Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.
network
low complexity
sap CWE-79
6.1
2017-10-16 CVE-2017-15294 Cross-site Scripting vulnerability in SAP Customer Relationship Management
The Java administration console in SAP CRM has XSS.
network
low complexity
sap CWE-79
6.1
2017-09-29 CVE-2017-10701 Cross-site Scripting vulnerability in SAP Enterprise Portal
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
network
low complexity
sap CWE-79
6.1
2017-07-25 CVE-2017-11460 Cross-site Scripting vulnerability in SAP Netweaver Portal 7.4
Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.
network
low complexity
sap CWE-79
6.1