Sap: Security Vulnerabilities
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-11-13
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-10-09
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-10-09
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-09
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-09
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-10-09
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-09
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-10-09
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-10-09
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-09-11