Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-0259
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an malicious user to upload any file (including script files) without proper file format validation.
Sap Businessobjects 4.3
Sap Businessobjects 4.2
9.8
CVSSv3
CVE-2019-0261
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for ...
Sap Landscape Management 3.0
9.8
CVSSv3
CVE-2019-0246
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
Sap Cloud Connector
1 Article
9.8
CVSSv3
CVE-2019-0247
SAP Cloud Connector, before version 2.11.3, allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Sap Cloud Connector
1 Article
9.8
CVSSv3
CVE-2018-11247
The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote malicious users to execute arbitrary code via a session on port 81.
Nasdaq Bwise 5.0
9.8
CVSSv3
CVE-2018-2420
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an malicious user to upload any file (including script files) without proper file format validation.
Sap Internet Graphics Server 7.45
Sap Internet Graphics Server 7.49
Sap Internet Graphics Server 7.53
Sap Internet Graphics Server 7.20
Sap Internet Graphics Server 7.20ext
9.8
CVSSv3
CVE-2018-2418
SAP MaxDB ODBC driver (all versions prior to 7.9.09.07) allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Sap Maxdb Odbc Driver
9.8
CVSSv3
CVE-2018-2404
SAP Disclosure Management 10.1 allows an malicious user to upload any file without proper file format validation.
Sap Disclosure Management 10.1
9.8
CVSSv3
CVE-2018-2368
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
Sap Netweaver System Landscape Directory 7.40
Sap Netweaver System Landscape Directory 7.10
Sap Netweaver System Landscape Directory 7.20
Sap Netweaver System Landscape Directory 7.30
Sap Netweaver System Landscape Directory 7.31
9.8
CVSSv3
CVE-2017-16684
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
Sap Business Intelligence Promotion Management Application 4.10
Sap Business Intelligence Promotion Management Application 4.20
Sap Business Intelligence Promotion Management Application 4.30
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »