SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. This insufficient session expiration may allow attackers with local access to, for instance, still download the portables.
Max CVSS: 3.8 | EPSS Score: 0.04% | Published: 2020-03-10 | Updated: 2020-03-12
SAP NetWeaver Developer Studio (NWDS), version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The vulnerabilities associated with version 1.x could have a low impact on the application's confidentiality and integrity.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2022-06-14 | Updated: 2022-06-24
The SAP NetWeaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Max CVSS: 3.5 | EPSS Score: 0.24% | Published: 2014-07-31 | Updated: 2017-08-29
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
Max CVSS: 3.5 | EPSS Score: 0.26% | Published: 2014-10-16 | Updated: 2018-10-09
Business Warehouse (BW) in SAP NetWeaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
Max CVSS: 3.5 | EPSS Score: 0.24% | Published: 2014-10-16 | Updated: 2022-10-06
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
Max CVSS: 3.5 | EPSS Score: 0.09% | Published: 2015-10-15 | Updated: 2015-10-16
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
Max CVSS: 3.5 | EPSS Score: 0.09% | Published: 2015-10-15 | Updated: 2015-10-16
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information that appears in the installation log files. This information, although sensitive, is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, versions 15.7 and 16.0.
Max CVSS: 3.5 | EPSS Score: 0.04% | Published: 2020-11-30 | Updated: 2021-07-21
SAP Cloud Connector, version 2.0, allows an authenticated user with low privileges to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on availability and no impact on the confidentiality or integrity of the application.
Max CVSS: 3.5 | EPSS Score: 0.04% | Published: 2023-12-12 | Updated: 2023-12-15
SAP NetWeaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2016-10-13 | Updated: 2016-10-13
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2019-09-10 | Updated: 2020-08-24
11 vulnerabilities found