Sap: >> Enable Now >> 1908 Security Vulnerabilities
Due to missing verification of file type or
content, SAP Enable Now allows an authenticated attacker to upload arbitrary
files. These files include executables which might be downloaded and executed
by the user which could host malware. On successful exploitation an attacker
can cause limited impact on confidentiality and Integrity of the application.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-07-09
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-03-10
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
CVSS Score
9.8
EPSS Score
0.066
Published
2019-12-11