SAP: Security Vulnerabilities
HTTP Verb Tampering is possible in the Central Management Console (CMC) of SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, by changing the request method.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2018-11-13
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVSS Score: 7.7 | EPSS Score: 0.002 | Published: 2018-11-13
SAP Disclosure Management 10.x can be exploited through a specially crafted zip file provided by users: when extracted in specific use cases, files within this zip file can land in locations other than the originally intended extraction point.
CVSS Score: 8.3 | EPSS Score: 0.007 | Published: 2018-11-13
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-11-13
Locally, without any permission, an arbitrary Android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-11-13
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-11-13
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2018-10-09
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, when a specially crafted URL is used in a web browser such as Chrome, the system returns an error that contains the path of the application server in use.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2018-10-09
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-10-09
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-10-09

