| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-0249 |
200 |
|
+Info |
2019-01-08 |
2019-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. |
|
2 |
CVE-2019-0245 |
79 |
|
XSS |
2019-01-08 |
2019-01-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
3 |
CVE-2019-0244 |
79 |
|
XSS |
2019-01-08 |
2019-01-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
4 |
CVE-2019-0238 |
79 |
|
XSS |
2019-01-08 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
5 |
CVE-2018-11415 |
79 |
|
XSS |
2018-05-24 |
2018-06-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. |
|
6 |
CVE-2018-2505 |
79 |
|
XSS |
2018-12-11 |
2019-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7). |
|
7 |
CVE-2018-2504 |
79 |
|
XSS |
2018-12-11 |
2019-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. |
|
8 |
CVE-2018-2503 |
285 |
|
|
2018-12-11 |
2019-01-07 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). |
|
9 |
CVE-2018-2502 |
79 |
|
XSS |
2018-12-11 |
2019-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3). |
|
10 |
CVE-2018-2500 |
200 |
|
+Info |
2018-12-11 |
2019-01-04 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. |
|
11 |
CVE-2018-2497 |
20 |
|
|
2018-12-11 |
2019-01-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. |
|
12 |
CVE-2018-2492 |
20 |
|
|
2018-12-11 |
2019-01-08 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. |
|
13 |
CVE-2018-2486 |
79 |
|
XSS |
2018-12-11 |
2019-01-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
14 |
CVE-2018-2484 |
264 |
|
|
2019-01-08 |
2019-01-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
|
15 |
CVE-2018-2481 |
264 |
|
Exec Code |
2018-11-13 |
2018-12-13 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality. |
|
16 |
CVE-2018-2479 |
79 |
|
XSS |
2018-11-13 |
2018-11-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
17 |
CVE-2018-2476 |
601 |
|
|
2018-11-13 |
2018-12-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. |
|
18 |
CVE-2018-2475 |
284 |
|
|
2018-10-09 |
2018-11-08 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4. |
|
19 |
CVE-2018-2474 |
352 |
|
CSRF |
2018-10-09 |
2019-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection. |
|
20 |
CVE-2018-2472 |
79 |
|
XSS |
2018-10-09 |
2018-11-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
21 |
CVE-2018-2471 |
200 |
|
+Info |
2018-10-09 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. |
|
22 |
CVE-2018-2470 |
79 |
|
XSS |
2018-10-09 |
2018-11-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
23 |
CVE-2018-2469 |
200 |
|
+Info |
2018-10-09 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. |
|
24 |
CVE-2018-2468 |
200 |
|
+Info |
2018-10-09 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. |
|
25 |
CVE-2018-2467 |
200 |
|
+Info |
2018-10-09 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server. |
|
26 |
CVE-2018-2466 |
79 |
|
XSS |
2018-10-09 |
2018-11-23 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. |
|
27 |
CVE-2018-2465 |
20 |
|
|
2018-09-11 |
2018-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash. |
|
28 |
CVE-2018-2464 |
79 |
|
XSS |
2018-09-11 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. |
|
29 |
CVE-2018-2463 |
918 |
|
|
2018-09-11 |
2018-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. |
|
30 |
CVE-2018-2462 |
20 |
|
|
2018-09-11 |
2018-11-26 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. |
|
31 |
CVE-2018-2461 |
285 |
|
|
2018-09-11 |
2018-11-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. |
|
32 |
CVE-2018-2460 |
295 |
|
|
2018-09-11 |
2018-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. |
|
33 |
CVE-2018-2459 |
254 |
|
|
2018-09-11 |
2018-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. |
|
34 |
CVE-2018-2458 |
200 |
|
+Info |
2018-09-11 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. |
|
35 |
CVE-2018-2457 |
200 |
|
+Info |
2018-09-11 |
2018-11-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. |
|
36 |
CVE-2018-2455 |
285 |
|
|
2018-09-11 |
2018-11-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
|
37 |
CVE-2018-2454 |
285 |
|
|
2018-09-11 |
2018-11-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
|
38 |
CVE-2018-2452 |
79 |
|
XSS |
2018-09-11 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. |
|
39 |
CVE-2018-2451 |
284 |
|
|
2018-08-14 |
2018-10-18 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed. |
|
40 |
CVE-2018-2450 |
89 |
|
Sql |
2018-08-14 |
2018-10-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. |
|
41 |
CVE-2018-2449 |
287 |
|
|
2018-08-14 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. |
|
42 |
CVE-2018-2448 |
200 |
|
+Info |
2018-08-14 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. |
|
43 |
CVE-2018-2447 |
89 |
|
Sql |
2018-08-14 |
2018-10-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. |
|
44 |
CVE-2018-2446 |
200 |
|
+Info |
2018-08-14 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. |
|
45 |
CVE-2018-2445 |
918 |
|
|
2018-08-14 |
2018-10-15 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. |
|
46 |
CVE-2018-2444 |
79 |
|
XSS |
2018-08-14 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
|
47 |
CVE-2018-2442 |
352 |
|
|
2018-08-14 |
2018-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. |
|
48 |
CVE-2018-2441 |
20 |
|
|
2018-08-14 |
2018-10-11 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. |
|
49 |
CVE-2018-2440 |
532 |
|
|
2018-07-10 |
2018-09-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. |
|
50 |
CVE-2018-2439 |
20 |
|
|
2018-07-10 |
2018-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash. |
