Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2019-0246
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
CVSS Score
9.8
EPSS Score
0.034
Published
2019-01-08
CVE-2019-0247
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-01-08
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
CVSS Score
5.9
EPSS Score
0.004
Published
2019-01-08
CVE-2018-2486
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-12-11
CVE-2018-2492
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
CVSS Score
7.1
EPSS Score
0.004
Published
2018-12-11
CVE-2018-2494
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
CVSS Score
8.0
EPSS Score
0.003
Published
2018-12-11
CVE-2018-2497
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
CVSS Score
2.7
EPSS Score
0.002
Published
2018-12-11
CVE-2018-2500
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted.
CVSS Score
4.7
EPSS Score
0.001
Published
2018-12-11
CVE-2018-2502
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
CVSS Score
6.1
EPSS Score
0.004
Published
2018-12-11
CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
CVSS Score
7.4
EPSS Score
0.002
Published
2018-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved