Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS Score
8.8
EPSS Score
0.018
Published
2018-03-01
CVE-2018-2368
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
CVSS Score
9.8
EPSS Score
0.022
Published
2018-03-01
CVE-2018-2380
Known exploited
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS Score
6.6
EPSS Score
0.455
Published
2018-03-01
CVE-2018-2383
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-02-14
CVE-2018-2384
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-02-14
CVE-2018-2385
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-02-14
CVE-2018-2386
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-02-14
CVE-2018-2387
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-02-14
CVE-2018-2388
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-02-14
CVE-2018-2389
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
CVSS Score
5.7
EPSS Score
0.002
Published
2018-02-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved