Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2018-2416
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
CVSS Score
5.4
EPSS Score
0.007
Published
2018-05-09
CVE-2018-2417
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-05-09
CVE-2018-2418
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVSS Score
5.5
EPSS Score
0.005
Published
2018-05-09
CVE-2018-2419
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
3.7
EPSS Score
0.002
Published
2018-05-09
CVE-2018-2420
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-05-09
CVE-2018-2421
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVSS Score
5.3
EPSS Score
0.005
Published
2018-05-09
CVE-2018-2403
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-10
CVE-2018-2404
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVSS Score
4.3
EPSS Score
0.003
Published
2018-04-10
CVE-2018-2405
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-10
CVE-2018-2406
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-04-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved