ReportizFlow
Filtered by vendor Sap
Subscriptions
Total
1535 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2420 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | ||||
| CVE-2018-2419 | 1 Sap | 3 Ea-finserv, S4core, Sapscore | 2024-11-21 | N/A |
| SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2024-11-21 | N/A |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
| CVE-2018-2417 | 1 Sap | 1 Identity Management | 2024-11-21 | N/A |
| Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-11-21 | N/A |
| SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | ||||
| CVE-2018-2415 | 1 Sap | 2 J2ee Engine Server Core, Netweaver Java Web Container And Http Service Engine | 2024-11-21 | N/A |
| SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | ||||
| CVE-2018-2413 | 1 Sap | 1 Disclosure Management | 2024-11-21 | N/A |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2018-2412 | 1 Sap | 1 Disclosure Management | 2024-11-21 | N/A |
| SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
| SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2409 | 1 Sap | 1 Cloud Platform | 2024-11-21 | N/A |
| Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform. | ||||
| CVE-2018-2408 | 1 Sap | 1 Businessobjects | 2024-11-21 | N/A |
| Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. | ||||
| CVE-2018-2406 | 1 Sap | 1 Crystal Reports Server | 2024-11-21 | N/A |
| Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | ||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A |
| SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | ||||
| CVE-2018-2404 | 1 Sap | 1 Disclosure Management | 2024-11-21 | N/A |
| SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | ||||
| CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2024-11-21 | N/A |
| Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. | ||||
| CVE-2018-2402 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
| In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. | ||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-11-21 | N/A |
| Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | ||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A |
| In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | ||||
| CVE-2018-2396 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | ||||
| CVE-2018-2395 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | ||||