Sap: Security Vulnerabilities
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
CVSS Score
7.3
EPSS Score
0.002
Published
2018-04-10
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
CVSS Score
6.3
EPSS Score
0.002
Published
2018-04-10
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-04-10
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
3.8
EPSS Score
0.004
Published
2018-04-10
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-04-10
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-14
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
CVSS Score
6.7
EPSS Score
0.002
Published
2018-03-14
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-03-14
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.
CVSS Score
7.6
EPSS Score
0.003
Published
2018-03-14
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-01