Total
33979 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0389 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. | |||||
| CVE-2019-0365 | 1 Sap | 5 Sap Kernel, Sap Kernel Krnl32nuc, Sap Kernel Krnl32uc and 2 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2019-0364 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. | |||||
| CVE-2019-0363 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. | |||||
| CVE-2019-0357 | 1 Sap | 1 Hana | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | |||||
| CVE-2019-0356 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0353 | 1 Sap | 1 Business One Client | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0351 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. | |||||
| CVE-2019-0350 | 1 Sap | 1 Hana Database | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | |||||
| CVE-2019-0333 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure. | |||||
| CVE-2019-0331 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. | |||||
| CVE-2019-0322 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2019-0318 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0315 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. | |||||
| CVE-2019-0314 | 1 Sap | 2 Inventory Manager, Work Manager | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2019-0306 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names. | |||||
| CVE-2019-0291 | 1 Sap | 1 Solution Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0289 | 1 Sap | 1 Businessobjects | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0287 | 1 Sap | 1 Businessobjects | 2024-11-21 | 6.8 MEDIUM | 7.6 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0278 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | |||||