Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap ui 2.0 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-0388
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an malicious user to manipulate content due to insufficient URL validation.
Sap Ui 7.5
Sap Ui 7.51
Sap Ui 7.52
Sap Ui 2.0
Sap Ui 7.53
Sap Ui 7.54
5.3
CVSSv3
CVE-2018-2428
Under certain conditions SAP UI5 Handler allows an malicious user to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
Sap Ui 7.4
Sap Ui 7.5
Sap Ui 7.51
Sap Ui 7.52
Sap Infrastructure 1.0
Sap Ui 2.0
7.5
CVSSv3
CVE-2018-2424
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Jav...
Sap Hana Database 2.00
Sap Hana Database 1.00
Sap Ui 7.51
Sap Ui 7.52
Sap Ui 2.0
Sap Ui 7.40
Sap Ui 7.50
Sap Ui5 Java 7.30
Sap Ui5 Java 7.31
Sap Ui5 Java 7.40
Sap Ui5 Java 7.50
Sap Ui5 1.00
6.1
CVSSv3
CVE-2022-41266
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an malicious user to execute a DOM Cross-Site Scripting (XSS) attack. As a result...
Sap Commerce Webservices 2.0 1905
Sap Commerce Webservices 2.0 2005
Sap Commerce Webservices 2.0 2105
Sap Commerce Webservices 2.0 2011
Sap Commerce Webservices 2.0 2205
4.3
CVSSv3
CVE-2018-2434
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeave...
Sap Netweaver 7.0
Sap Ui Infra 1.0
Sap User Interface Technology 7.4
Sap User Interface Technology 7.5
Sap User Interface Technology 7.51
Sap User Interface Technology 7.52
3.5
CVSSv3
CVE-2023-49578
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.
Sap Cloud Connector 2.0
6.1
CVSSv3
CVE-2022-22529
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output ...
Sap Enterprise Threat Detection 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started