Filtered by vendor Sap
Total: 1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0389 | 1 Sap | 1 Netweaver Application Server Java | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. | |||||
| CVE-2019-0331 | 1 Sap | 1 Businessobjects Business Intelligence | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. | |||||
| CVE-2019-0404 | 1 Sap | 1 Enable Now | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | |||||
| CVE-2019-0287 | 1 Sap | 1 Businessobjects | 2020-08-24 | 6.8 MEDIUM | 7.6 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2451 | 1 Sap | 1 Hana Extended Application Services | 2020-08-24 | 6.0 MEDIUM | 6.6 MEDIUM |
| XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed. | |||||
| CVE-2019-0289 | 1 Sap | 1 Businessobjects | 2020-08-24 | 5.8 MEDIUM | 7.1 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0243 | 1 Sap | 1 Bw/4hana | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2018-2369 | 1 Sap | 1 Hana | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. | |||||
| CVE-2018-2471 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0279 | 1 Sap | 1 Business Application Software Integrated Solution | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0261 | 1 Sap | 1 Landscape Management | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). | |||||
| CVE-2019-0315 | 1 Sap | 1 Netweaver Process Integration | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. | |||||
| CVE-2018-2458 | 1 Sap | 1 Business One | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0351 | 1 Sap | 1 Netweaver | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. | |||||
| CVE-2018-2500 | 1 Sap | 1 Mobile Secure | 2020-08-24 | 1.9 LOW | 4.7 MEDIUM |
| Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0348 | 1 Sap | 1 Businessobjects Business Intelligence | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. | |||||
| CVE-2018-2478 | 1 Sap | 1 Basis | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. | |||||
| CVE-2018-2457 | 1 Sap | 1 Adaptive Server Enterprise | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | |||||
| CVE-2019-0349 | 1 Sap | 1 Advanced Business Application Programming Platform Kernel | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check. | |||||
| CVE-2019-0386 | 1 Sap | 2 Erp Sales, S4hana Sales | 2020-08-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. | |||||
