SAP: Security Vulnerabilities
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting this, an unauthorized attacker can cause the database server to crash.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-09-11
Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-09-11
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-11
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-11
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connections. This allows an attacker to perform a MITM attack.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-09-11
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user, which may result in an escalation of privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-09-11
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-09-11
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.
CVSS Score
8.6
EPSS Score
0.003
Published
2018-09-11
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-09-11
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-09-11
Shodan ® - All rights reserved