Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-10 | CVE-2018-2432 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. | 4.9 |
| 2018-07-10 | CVE-2018-2431 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 4.10/4.20 SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
| 2018-07-10 | CVE-2018-2427 | Code Injection vulnerability in SAP products SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. | 6.5 |
| 2018-06-12 | CVE-2018-2428 | Unspecified vulnerability in SAP Infrastructure and UI Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. | 5.0 |
| 2018-06-12 | CVE-2018-2424 | Improper Input Validation vulnerability in SAP products SAP UI5 did not validate user input before adding it to the DOM structure. | 5.0 |
| 2018-05-24 | CVE-2018-11415 | Cross-site Scripting vulnerability in SAP Internet Transaction Server 6.20 SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. | 4.3 |
| 2018-05-09 | CVE-2018-2423 | Unspecified vulnerability in SAP Internet Graphics Server SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 5.0 |
| 2018-05-09 | CVE-2018-2422 | Unspecified vulnerability in SAP Internet Graphics Server SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 5.0 |
| 2018-05-09 | CVE-2018-2421 | Unspecified vulnerability in SAP Internet Graphics Server SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 5.0 |
| 2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 5.5 |