Total
31711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2471 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2469 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2468 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2467 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. | |||||
| CVE-2018-2459 | 1 Sap | 1 Mobile Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | |||||
| CVE-2018-2458 | 1 Sap | 1 Business One | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2457 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | |||||
| CVE-2018-2448 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | |||||
| CVE-2018-2446 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | |||||
| CVE-2018-2441 | 1 Sap | 1 Sap Kernel | 2024-11-21 | 5.5 MEDIUM | 5.5 MEDIUM |
| Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. | |||||
| CVE-2018-2438 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2437 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. | |||||
| CVE-2018-2433 | 1 Sap | 1 Sap Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2428 | 1 Sap | 2 Infrastructure, Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. | |||||
| CVE-2018-2425 | 1 Sap | 1 Business One | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
| Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2423 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2422 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2421 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2417 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. | |||||