Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-11 | CVE-2018-2492 | Improper Input Validation vulnerability in SAP NetWeaver: SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. | 5.5 |
2018-11-13 | CVE-2018-2491 | Code Injection vulnerability in SAP Fiori Client: When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. | 6.8 |
2018-11-13 | CVE-2018-2490 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client: The broadcast messages received by SAP Fiori Client are not protected by permissions. | 6.8 |
2018-11-13 | CVE-2018-2489 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client: Locally, without any permission, an arbitrary Android application could delete the SSO configuration of SAP Fiori Client. | 6.8 |
2018-11-13 | CVE-2018-2488 | Unspecified vulnerability in SAP Fiori Client: It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. | 6.8 |
2018-11-13 | CVE-2018-2487 | Unspecified vulnerability in SAP Disclosure Management 10.1: SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | 5.1 |
2018-11-13 | CVE-2018-2485 | Unspecified vulnerability in SAP Fiori Client: It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. | 6.4 |
2018-11-13 | CVE-2018-2483 | Improper Authentication vulnerability in SAP BusinessObjects Business Intelligence 4.1/4.2: HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | 4.0 |
2018-11-13 | CVE-2018-2482 | Unspecified vulnerability in SAP Mobile Secure: SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 5.0 |
2018-11-13 | CVE-2018-2481 | Improper Privilege Management vulnerability in SAP Advanced Business Application Programming: In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. | 6.5 |