SAP: Security Vulnerabilities
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-14
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
CVSS Score
6.7
EPSS Score
0.002
Published
2018-03-14
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-03-14
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.
CVSS Score
7.6
EPSS Score
0.003
Published
2018-03-14
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-01
ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS Score
8.8
EPSS Score
0.019
Published
2018-03-01
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
CVSS Score
9.8
EPSS Score
0.032
Published
2018-03-01
CVE-2018-2380
Known exploited
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS Score
6.6
EPSS Score
0.453
Published
2018-03-01
Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-02-14
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-02-14

