Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-2479 Cross-site Scripting vulnerability in SAP BusinessObjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-11-13 CVE-2018-2478 Unspecified vulnerability in SAP Basis
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation. Affects SAP Basis versions 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53.
network
low complexity
sap
6.5
2018-11-13 CVE-2018-2477 XML Injection (aka Blind XPath Injection) vulnerability in SAP NetWeaver
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-91
6.5
2018-11-13 CVE-2018-2476 Open Redirect vulnerability in SAP NetWeaver 7.30/7.31/7.40
Due to insufficient URL validation in forums in SAP NetWeaver versions 7.30, 7.31 and 7.40, an attacker can redirect users to a malicious site.
network
sap CWE-601
5.8
2018-11-13 CVE-2018-2473 Unspecified vulnerability in SAP BusinessObjects Business Intelligence 4.1/4.2
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using the Web Intelligence Richclient 3 tiers mode gateway, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
4.0
2018-10-09 CVE-2018-2474 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori 1.0
The SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server.
network
sap CWE-352
4.3
2018-10-09 CVE-2018-2472 Cross-site Scripting vulnerability in SAP BusinessObjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-10-09 CVE-2018-2471 Unspecified vulnerability in SAP BusinessObjects Business Intelligence Platform 4.10/4.20
Under certain conditions, SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.0
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP NetWeaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-10-09 CVE-2018-2469 Unspecified vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
Under certain conditions, SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.0