Show filters
119 Total Results
Displaying 91-100 of 119
Sort by:
Attacker Value
Unknown

CVE-2018-2503

Disclosure Date: December 11, 2018 (last updated November 27, 2024)
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-2492

Disclosure Date: December 11, 2018 (last updated November 27, 2024)
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-2476

Disclosure Date: November 13, 2018 (last updated November 27, 2024)
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
0
0
Attacker Value
Unknown

CVE-2018-2477

Disclosure Date: November 13, 2018 (last updated November 27, 2024)
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
0
0
Attacker Value
Unknown

CVE-2018-2470

Disclosure Date: October 09, 2018 (last updated November 27, 2024)
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2452

Disclosure Date: September 11, 2018 (last updated November 27, 2024)
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-2464

Disclosure Date: September 11, 2018 (last updated November 27, 2024)
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2462

Disclosure Date: September 11, 2018 (last updated November 27, 2024)
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
0
0
Attacker Value
Unknown

CVE-2018-2435

Disclosure Date: July 10, 2018 (last updated November 27, 2024)
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2415

Disclosure Date: May 09, 2018 (last updated November 26, 2024)
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
0
0
View More Topics  < Previous  Next >