Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap ui 2.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-0388
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an malicious user to manipulate content due to insufficient URL validation.
Sap Ui 2.0
Sap Ui 7.5
Sap Ui 7.51
Sap Ui 7.52
Sap Ui 7.53
Sap Ui 7.54
445
VMScore
CVE-2018-2428
Under certain conditions SAP UI5 Handler allows an malicious user to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
Sap Ui 7.52
Sap Infrastructure 1.0
Sap Ui 2.0
Sap Ui 7.5
Sap Ui 7.4
Sap Ui 7.51
445
VMScore
CVE-2018-2424
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Jav...
Sap Ui 7.51
Sap Ui 7.52
Sap Ui5 Java 7.30
Sap Ui5 Java 7.31
Sap Ui 2.0
Sap Ui 7.50
Sap Ui5 Java 7.40
Sap Ui5 1.00
Sap Hana Database 2.00
Sap Ui 7.40
Sap Ui5 Java 7.50
Sap Hana Database 1.00
NA
CVE-2022-41266
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an malicious user to execute a DOM Cross-Site Scripting (XSS) attack. As a result...
Sap Commerce Webservices 2.0 1905
Sap Commerce Webservices 2.0 2005
Sap Commerce Webservices 2.0 2105
Sap Commerce Webservices 2.0 2011
Sap Commerce Webservices 2.0 2205
383
VMScore
CVE-2018-2434
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeave...
Sap Ui Infra 1.0
Sap User Interface Technology 7.5
Sap User Interface Technology 7.51
Sap User Interface Technology 7.52
Sap Netweaver 7.0
Sap User Interface Technology 7.4
NA
CVE-2023-49578
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.
Sap Cloud Connector 2.0
384
VMScore
CVE-2022-22529
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output ...
Sap Enterprise Threat Detection 2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started