Filtered by vendor Sap
Subscribe
Total
1521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2434 | 1 Sap | 3 Netweaver, Ui Infra, User Interface Technology | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. | |||||
| CVE-2018-2433 | 1 Sap | 1 Sap Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2432 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. | |||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2428 | 1 Sap | 2 Infrastructure, Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. | |||||
| CVE-2018-2427 | 1 Sap | 2 Businessobjects Business Intelligence, Crystal Reports | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | |||||
| CVE-2018-2425 | 1 Sap | 1 Business One | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
| Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2424 | 1 Sap | 4 Hana Database, Ui, Ui5 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 | |||||
| CVE-2018-2423 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2422 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2421 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2420 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | |||||
| CVE-2018-2419 | 1 Sap | 3 Ea-finserv, S4core, Sapscore | 2024-11-21 | 5.5 MEDIUM | 3.7 LOW |
| SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2018-2417 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | |||||
| CVE-2018-2415 | 1 Sap | 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | |||||
| CVE-2018-2413 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2412 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 3.8 LOW |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||