Filtered by vendor Sap
Subscribe
Total
1568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2419 | 1 Sap | 3 Ea-finserv, S4core, Sapscore | 2024-11-21 | 5.5 MEDIUM | 3.7 LOW |
|
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
|||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
|
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
|
|||||
| CVE-2018-2417 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
|
|||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
|
|||||
| CVE-2018-2415 | 1 Sap | 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
|
|||||
| CVE-2018-2413 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
|
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
|||||
| CVE-2018-2412 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 6.5 MEDIUM | 3.8 LOW |
|
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
|||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2409 | 1 Sap | 1 Cloud Platform | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
|
|||||
| CVE-2018-2408 | 1 Sap | 1 Businessobjects | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
|
|||||
| CVE-2018-2406 | 1 Sap | 1 Crystal Reports Server | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
|
|||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
|
|||||
| CVE-2018-2404 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 7.5 HIGH | 4.3 MEDIUM |
|
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
|
|||||
| CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
|
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
|
|||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
|
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.
|
|||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
|
|||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
|
|||||
| CVE-2018-2396 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
|
|||||
| CVE-2018-2395 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.
|
|||||
| CVE-2018-2394 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.
|
|||||
| CVE-2018-2393 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
|
|||||
| CVE-2018-2392 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
|
|||||
| CVE-2018-2391 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.
|
|||||
| CVE-2018-2390 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.
|
|||||
| CVE-2018-2389 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
|
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
|
|||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
|
|||||
| CVE-2018-2387 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.
|
|||||
| CVE-2018-2386 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
|
|||||
| CVE-2018-2385 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
|
|||||
| CVE-2018-2384 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
|
|||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
|
|||||
| CVE-2018-2382 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.
|
|||||
| CVE-2018-2381 | 1 Sap | 1 Erp Financials Information System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
|||||
| CVE-2018-2379 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
|
|||||
| CVE-2018-2378 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
|
|||||
| CVE-2018-2377 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
|
|||||
| CVE-2018-2376 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
|
|||||
| CVE-2018-2375 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
|
|||||
| CVE-2018-2374 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
|
|||||
| CVE-2018-2373 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
|
|||||