Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2018-2421
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVSS Score
5.3
EPSS Score
0.005
Published
2018-05-09
CVE-2018-2403
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-10
CVE-2018-2404
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVSS Score
4.3
EPSS Score
0.003
Published
2018-04-10
CVE-2018-2405
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-10
CVE-2018-2406
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-04-10
CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
CVSS Score
7.3
EPSS Score
0.002
Published
2018-04-10
CVE-2018-2409
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
CVSS Score
6.3
EPSS Score
0.002
Published
2018-04-10
CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-04-10
CVE-2018-2412
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
3.8
EPSS Score
0.004
Published
2018-04-10
CVE-2018-2413
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-04-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved