Show filters
189 Total Results
Displaying 171-180 of 189
Sort by:
Attacker Value
Unknown

CVE-2018-2492

Disclosure Date: December 11, 2018 (last updated November 27, 2024)
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-2477

Disclosure Date: November 13, 2018 (last updated November 27, 2024)
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
0
0
Attacker Value
Unknown

CVE-2018-2452

Disclosure Date: September 11, 2018 (last updated November 27, 2024)
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-2464

Disclosure Date: September 11, 2018 (last updated November 27, 2024)
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2462

Disclosure Date: September 11, 2018 (last updated November 27, 2024)
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
0
0
Attacker Value
Unknown

CVE-2018-2435

Disclosure Date: July 10, 2018 (last updated November 27, 2024)
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2434

Disclosure Date: July 10, 2018 (last updated November 27, 2024)
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.
0
0
Attacker Value
Unknown

CVE-2018-2415

Disclosure Date: May 09, 2018 (last updated November 26, 2024)
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
0
0
Attacker Value
Unknown

CVE-2018-2365

Disclosure Date: March 01, 2018 (last updated November 26, 2024)
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2371

Disclosure Date: February 14, 2018 (last updated November 26, 2024)
The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
0
0
View More Topics  < Previous  Next >