Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2439 | 1 Sap | 1 Internet Graphics Server | 2018-09-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash. | |||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2440 | 1 Sap | 1 Dynamic Authorization Management | 2018-09-06 | 2.1 LOW | 4.4 MEDIUM |
| Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | |||||
| CVE-2018-2427 | 1 Sap | 2 Businessobjects Business Intelligence, Crystal Reports | 2018-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | |||||
| CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2018-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-11415 | 1 Sap | 1 Internet Transaction Server | 2018-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. | |||||
| CVE-2018-2365 | 1 Sap | 1 Netweaver Portal | 2018-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2367 | 1 Sap | 1 Business Application Software Integrated Solution | 2018-03-23 | 6.5 MEDIUM | 8.8 HIGH |
| ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
| CVE-2018-2368 | 1 Sap | 1 Netweaver System Landscape Directory | 2018-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | |||||
| CVE-2018-2380 | 1 Sap | 1 Customer Relationship Management | 2018-03-23 | 6.5 MEDIUM | 6.6 MEDIUM |
| SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
| CVE-2018-2370 | 1 Sap | 1 Bi Launchpad | 2018-03-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | |||||
| CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2018-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2018-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2392 | 1 Sap | 1 Internet Graphics Server | 2018-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | |||||
| CVE-2018-2393 | 1 Sap | 1 Internet Graphics Server | 2018-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | |||||
| CVE-2018-2386 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
| CVE-2018-2385 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | |||||
| CVE-2018-2384 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | |||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||