Vulnerabilities in SAP

159 results (descriptions truncated as on the source page; EPSS score shown per entry)

CVE-2017-16680 (EPSS 1.7%): Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controll...
CVE-2018-2463 (EPSS 1.6%): The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This ...
CVE-2018-2449 (EPSS 1.6%): SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid...
CVE-2018-2462 (EPSS 1.6%): In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate a...
CVE-2017-16682 (EPSS 1.6%): SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with a...
CVE-2018-2439 (EPSS 1.6%): The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request...
CVE-2018-2473 (EPSS 1.5%): SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway...
CVE-2018-2487 (EPSS 1.5%): SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in speci...
CVE-2018-2416 (EPSS 1.5%): SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2481 (EPSS 1.5%): In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved...
CVE-2017-16683 (EPSS 1.4%): Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users...
CVE-2018-2452 (EPSS 1.4%): The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled input...
CVE-2018-2467 (EPSS 1.4%): In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web B...
CVE-2018-2448 (EPSS 1.4%): Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of ...
CVE-2018-2475 (EPSS 1.3%): Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster.
CVE-2018-2502 (EPSS 1.3%): TRACE method is enabled in SAP Business One Service Layer. Attacker can use XST (Cross Site Tracing) attack if frontend applications that a...
CVE-2018-2461 (EPSS 1.3%): Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escala...
CVE-2018-2455 (EPSS 1.3%): SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform n...
CVE-2018-2454 (EPSS 1.3%): SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform nece...
CVE-2018-2436 (EPSS 1.3%): Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, re...