Filtered by vendor Sap
Total: 1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-2415 | 1 Sap | 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | |||||
CVE-2018-2402 | 1 Sap | 1 Hana | 2023-12-10 | 3.5 LOW | 8.4 HIGH |
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | |||||
CVE-2018-2369 | 1 Sap | 1 Hana | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. | |||||
CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
CVE-2018-2436 | 1 Sap | 1 R/3 Enterprise Retail | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2018-2387 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise. | |||||
CVE-2018-2409 | 1 Sap | 1 Cloud Platform | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform. | |||||
CVE-2018-2437 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. | |||||
CVE-2018-2386 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
CVE-2018-2380 | 1 Sap | 1 Customer Relationship Management | 2023-12-10 | 6.5 MEDIUM | 6.6 MEDIUM |
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
CVE-2018-2419 | 1 Sap | 3 Ea-finserv, S4core, Sapscore | 2023-12-10 | 5.5 MEDIUM | 4.6 MEDIUM |
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
CVE-2018-2367 | 1 Sap | 1 Business Application Software Integrated Solution | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
CVE-2018-2438 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
CVE-2018-2394 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM |
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | |||||
CVE-2018-2410 | 1 Sap | 1 Business One | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2018-2428 | 1 Sap | 2 Infrastructure, Ui | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. | |||||
CVE-2018-2395 | 1 Sap | 1 Internet Graphics Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Under certain conditions a malicious user may retrieve information on SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing images or corrupt other types of files. | |||||
CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. |