Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-12 | CVE-2017-16679 | Open Redirect vulnerability in SAP Kernel URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | 5.8 |
| 2017-12-12 | CVE-2017-16678 | Server-Side Request Forgery (SSRF) vulnerability in SAP products Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | 6.5 |
| 2017-12-03 | CVE-2017-14516 | Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | 4.3 |
| 2017-10-16 | CVE-2017-15297 | Improper Authentication vulnerability in SAP Host Agent 7.21 SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. | 5.0 |
| 2017-10-16 | CVE-2017-15296 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management The Java component in SAP CRM has CSRF. | 6.8 |
| 2017-10-16 | CVE-2017-15294 | Cross-site Scripting vulnerability in SAP Customer Relationship Management The Java administration console in SAP CRM has XSS. | 4.3 |
| 2017-09-29 | CVE-2017-10701 | Cross-site Scripting vulnerability in SAP Enterprise Portal 7.50 Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | 4.3 |
| 2017-09-19 | CVE-2017-14581 | Resource Exhaustion vulnerability in SAP Netweaver The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | 5.0 |
| 2017-09-17 | CVE-2017-14511 | Improper Input Validation vulnerability in SAP E-Recruiting An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. | 5.0 |
| 2017-08-28 | CVE-2014-8871 | Path Traversal vulnerability in SAP Hybris Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | 5.0 |