Vulnerabilities > SAP > UI

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-33991 Cross-site Scripting vulnerability in SAP UI
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability.
network
low complexity
sap CWE-79
8.2
2019-11-13 CVE-2019-0388 Authentication Bypass by Spoofing vulnerability in SAP UI
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.
network
low complexity
sap CWE-290
5.3
2018-06-12 CVE-2018-2428 Unspecified vulnerability in SAP Infrastructure and UI
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.3
2018-06-12 CVE-2018-2424 Improper Input Validation vulnerability in SAP products
SAP UI5 did not validate user input before adding it to the DOM structure.
network
low complexity
sap CWE-20
7.5