Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-09 | CVE-2018-2468 | Unspecified vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | 5.0 |
| 2018-10-09 | CVE-2018-2467 | Unspecified vulnerability in SAP Businessobjects BI Platform 4.1/4.2 In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | 5.0 |
| 2018-09-11 | CVE-2018-2465 | Improper Input Validation vulnerability in SAP Hana 1.0/2.0 SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. | 5.0 |
| 2018-09-11 | CVE-2018-2464 | Cross-site Scripting vulnerability in SAP Netweaver SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | 4.3 |
| 2018-09-11 | CVE-2018-2463 | Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. | 5.0 |
| 2018-09-11 | CVE-2018-2462 | Improper Input Validation vulnerability in SAP Netweaver In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. | 6.5 |
| 2018-09-11 | CVE-2018-2461 | Missing Authorization vulnerability in SAP People Profile 6.0 Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | 6.5 |
| 2018-09-11 | CVE-2018-2460 | Improper Certificate Validation vulnerability in SAP Business ONE 1.2 SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. | 4.3 |
| 2018-09-11 | CVE-2018-2459 | Unspecified vulnerability in SAP Mobile Platform 3.0 Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | 5.0 |
| 2018-09-11 | CVE-2018-2458 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | 5.0 |