Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-09 | CVE-2018-2417 | Unspecified vulnerability in SAP Identity Management 8.0 Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | 5.0 |
| 2018-05-09 | CVE-2018-2416 | Improper Input Validation vulnerability in SAP Identity Management 7.2/8.0 SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | 5.5 |
| 2018-05-09 | CVE-2018-2415 | Encoding Error vulnerability in SAP products SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | 4.3 |
| 2018-04-10 | CVE-2018-2413 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2018-04-10 | CVE-2018-2412 | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2018-04-10 | CVE-2018-2409 | Session Fixation vulnerability in SAP Cloud Platform 2.0 Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). | 6.5 |
| 2018-04-10 | CVE-2018-2406 | Unquoted Search Path or Element vulnerability in SAP Crystal Reports Server Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | 4.6 |
| 2018-04-10 | CVE-2018-2403 | Unspecified vulnerability in SAP Disclosure Management 10.1 Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. | 4.0 |
| 2018-03-14 | CVE-2018-2399 | Cross-site Scripting vulnerability in SAP Process Monitoring Infrastructure Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | 4.3 |
| 2018-03-14 | CVE-2018-2398 | Unspecified vulnerability in SAP Business Client 6.5 Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | 5.0 |