Vulnerabilities
Vulnerable Software
Sap:  >> Disclosure Management  Security Vulnerabilities
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-02-15
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
CVSS Score
8.3
EPSS Score
0.007
Published
2018-11-13
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-10
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVSS Score
4.3
EPSS Score
0.003
Published
2018-04-10
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
3.8
EPSS Score
0.004
Published
2018-04-10
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-04-10


Contact Us

Shodan ® - All rights reserved