Filtered by vendor Sap
Total: 1502 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-2473 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A |
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
CVE-2018-2472 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | N/A |
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2018-2471 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A |
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2470 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2018-2469 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2468 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2467 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | N/A |
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | ||||
CVE-2018-2466 | 1 Sap | 1 Data Services | 2024-11-21 | N/A |
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2018-2465 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash. | ||||
CVE-2018-2464 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2018-2463 | 1 Sap | 1 Hybris | 2024-11-21 | N/A |
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | ||||
CVE-2018-2462 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | ||||
CVE-2018-2461 | 1 Sap | 1 People Profile | 2024-11-21 | N/A |
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | ||||
CVE-2018-2460 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
SAP Business One Android application, version 1.2, does not properly verify the certificate for HTTPS connections. This allows an attacker to perform a MITM attack. | ||||
CVE-2018-2459 | 1 Sap | 1 Mobile Platform | 2024-11-21 | N/A |
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | ||||
CVE-2018-2458 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2457 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | ||||
CVE-2018-2455 | 1 Sap | 1 Enterprise Financial Services | 2024-11-21 | N/A |
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2454 | 1 Sap | 1 Enterprise Financial Services | 2024-11-21 | N/A |
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. |