Sap: >> Enable Now >> 1902 Security Vulnerabilities
Due to missing verification of file type or
content, SAP Enable Now allows an authenticated attacker to upload arbitrary
files. These files include executables which might be downloaded and executed
by the user which could host malware. On successful exploitation an attacker
can cause limited impact on confidentiality and Integrity of the application.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-07-09
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-03-10
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.
CVSS Score
3.8
EPSS Score
0.001
Published
2020-03-10
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
CVSS Score
9.8
EPSS Score
0.066
Published
2019-12-11
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-13
The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-14