Total
36961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0375 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | |||||
| CVE-2019-0374 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | |||||
| CVE-2019-0369 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | |||||
| CVE-2019-0368 | 1 Sap | 2 Customer Relationship Management Bbpcrm, Customer Relationship Management S4crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | |||||
| CVE-2019-0361 | 1 Sap | 1 Supplier Relationship Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0337 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability | |||||
| CVE-2019-0335 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. | |||||
| CVE-2019-0334 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. | |||||
| CVE-2019-0332 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0329 | 1 Sap | 1 Information Steward | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0326 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0321 | 1 Sap | 2 Netweaver Application Server Abap, Netweaver As Abap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0319 | 1 Sap | 2 Gateway, Ui5 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. | |||||
| CVE-2019-0316 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability. | |||||
| CVE-2019-0311 | 1 Sap | 1 R\/3 Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious code there, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0308 | 1 Sap | 1 E-commerce | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. | |||||
| CVE-2019-0303 | 1 Sap | 1 Businessobjects | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed. | |||||
| CVE-2019-0298 | 1 Sap | 1 E-commerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54. | |||||
| CVE-2019-0281 | 1 Sap | 1 Openui5 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0275 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. | |||||