Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-11 | CVE-2018-2457 | Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0 Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | 4.0 |
| 2018-09-11 | CVE-2018-2455 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2018-09-11 | CVE-2018-2454 | Missing Authorization vulnerability in SAP Enterprise Financial Services SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2018-09-11 | CVE-2018-2452 | Cross-site Scripting vulnerability in SAP Netweaver The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | 4.3 |
| 2018-08-14 | CVE-2018-2451 | Insufficient Session Expiration vulnerability in SAP Hana Extended Application Services 1.0 XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. | 6.0 |
| 2018-08-14 | CVE-2018-2450 | SQL Injection vulnerability in SAP Maxdb 7.8/7.9 SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | 6.5 |
| 2018-08-14 | CVE-2018-2448 | Unspecified vulnerability in SAP Supplier Relationship Management MDM Catalog 3.0/7.01/7.02 Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | 5.0 |
| 2018-08-14 | CVE-2018-2447 | SQL Injection vulnerability in SAP Businessobjects Business Intelligence 4.2 SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | 4.0 |
| 2018-08-14 | CVE-2018-2446 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 5.0 |
| 2018-08-14 | CVE-2018-2445 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 5.5 |