SAP : Security Vulnerabilities, CVEs, Published In 2017 (XSS)

CVE-2017-16685

Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-12-12
Updated
2017-12-21

CVE-2017-16681

Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-12-12
Updated
2017-12-21

CVE-2017-15294

The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-10-16
Updated
2019-04-17

CVE-2017-14516

Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-12-03
Updated
2017-12-19

CVE-2017-11460

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.
Max CVSS
6.1
EPSS Score
0.13%
Published
2017-07-25
Updated
2018-12-10

CVE-2017-11458

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
Max CVSS
6.1
EPSS Score
0.07%
Published
2017-07-25
Updated
2021-04-20

CVE-2017-10701

Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
Max CVSS
6.1
EPSS Score
0.18%
Published
2017-09-29
Updated
2017-10-06

CVE-2017-9613

Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
Max CVSS
5.4
EPSS Score
0.16%
Published
2017-06-15
Updated
2018-10-09

CVE-2017-6061

Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106.
Max CVSS
4.7
EPSS Score
0.13%
Published
2017-03-16
Updated
2017-03-16
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close