CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SAP : Security Vulnerabilities (CVSS score between 6 and 8.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-0370 91 2019-10-08 2019-10-11
6.4
None Remote Low Not required Partial Partial None
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
2 CVE-2019-0365 400 2019-09-10 2019-09-11
7.8
None Remote Low Not required None None Complete
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
3 CVE-2019-0357 269 Exec Code 2019-09-10 2019-09-11
7.2
None Local Low Not required Complete Complete Complete
The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.
4 CVE-2019-0355 94 Exec Code 2019-09-10 2019-09-11
6.5
None Remote Low Single system Partial Partial Partial
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
5 CVE-2019-0351 119 Exec Code Overflow 2019-08-14 2019-08-23
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.
6 CVE-2019-0349 285 2019-08-14 2019-10-10
6.5
None Remote Low Single system Partial Partial Partial
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute ?Go to statement? without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check
7 CVE-2019-0344 94 Exec Code 2019-08-14 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
8 CVE-2019-0343 94 Exec Code 2019-08-14 2019-08-23
6.5
None Remote Low Single system Partial Partial Partial
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
9 CVE-2019-0330 78 Exec Code 2019-07-10 2019-07-15
6.5
None Remote Low Single system Partial Partial Partial
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
10 CVE-2019-0327 434 2019-07-10 2019-07-18
6.5
None Remote Low Single system Partial Partial Partial
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
11 CVE-2019-0304 94 Exec Code 2019-06-12 2019-06-14
7.5
None Remote Low Not required Partial Partial Partial
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
12 CVE-2019-0301 264 2019-05-14 2019-05-16
6.5
None Remote Low Single system Partial Partial Partial
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
13 CVE-2019-0287 200 +Info 2019-05-14 2019-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
14 CVE-2019-0280 285 2019-05-14 2019-05-16
6.5
None Remote Low Single system Partial Partial Partial
SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges.
15 CVE-2019-0279 285 2019-04-10 2019-04-12
6.5
None Remote Low Single system Partial Partial Partial
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
16 CVE-2018-2494 863 2018-12-11 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
17 CVE-2018-2484 862 2019-01-08 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
18 CVE-2018-2481 269 Exec Code 2018-11-13 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.
19 CVE-2018-2462 20 2018-09-11 2018-11-26
6.5
None Remote Low Single system Partial Partial Partial
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
20 CVE-2018-2461 862 2018-09-11 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.
21 CVE-2018-2455 862 2018-09-11 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
22 CVE-2018-2454 862 2018-09-11 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
23 CVE-2018-2451 269 2018-08-14 2019-10-02
6.0
None Remote Medium Single system Partial Partial Partial
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed.
24 CVE-2018-2450 89 Sql 2018-08-14 2018-10-11
6.5
None Remote Low Single system Partial Partial Partial
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.
25 CVE-2018-2449 287 2018-08-14 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
26 CVE-2018-2442 352 2018-08-14 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.
27 CVE-2018-2437 77 Exec Code 2018-07-10 2019-10-02
6.4
None Remote Low Not required Partial Partial None
The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.
28 CVE-2018-2436 862 2018-07-10 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
29 CVE-2018-2427 94 Exec Code 2018-07-10 2018-09-06
6.5
None Remote Low Single system Partial Partial Partial
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
30 CVE-2018-2420 434 2018-05-09 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
31 CVE-2018-2413 862 2018-04-10 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
32 CVE-2018-2412 862 2018-04-10 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
33 CVE-2018-2409 384 2018-04-10 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
34 CVE-2018-2408 384 2018-04-10 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
35 CVE-2018-2404 434 2018-04-10 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
36 CVE-2018-2395 20 2018-02-14 2018-02-27
6.5
None Remote Low Single system Partial Partial Partial
Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.
37 CVE-2018-2381 862 2018-02-14 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
38 CVE-2018-2380 22 Dir. Trav. 2018-03-01 2018-03-23
6.5
None Remote Low Single system Partial Partial Partial
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
39 CVE-2018-2368 306 2018-03-01 2018-03-23
7.5
None Remote Low Not required Partial Partial Partial
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
40 CVE-2018-2367 22 Dir. Trav. 2018-03-01 2018-03-23
6.5
None Remote Low Single system Partial Partial Partial
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
41 CVE-2018-2363 94 Exec Code 2018-01-09 2018-01-29
6.5
None Remote Low Single system Partial Partial Partial
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
42 CVE-2018-2361 863 2018-01-09 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
43 CVE-2017-16690 426 Exec Code 2017-12-12 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.
44 CVE-2017-16689 287 2017-12-12 2018-01-04
6.5
None Remote Low Single system Partial Partial Partial
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
45 CVE-2017-16684 287 2017-12-12 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
46 CVE-2017-16682 94 Exec Code 2017-12-12 2017-12-22
6.5
None Remote Low Single system Partial Partial Partial
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
47 CVE-2017-16678 918 2017-12-12 2018-01-02
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
48 CVE-2017-15296 352 CSRF 2017-10-16 2018-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
49 CVE-2017-11459 94 Exec Code 2017-07-25 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
50 CVE-2017-9845 400 DoS 2017-07-12 2018-12-10
7.8
None Remote Low Not required None None Complete
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
Total number of vulnerabilities : 173   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.