PDFViewer is a control delivered as part of the SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF, which can cause a potential security threat.
Source: SAP SE
Max CVSS: 3.5
EPSS Score: 0.04%
Published: 2024-05-14
Updated: 2024-05-14
SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the system.
Source: SAP SE
Max CVSS: 3.5
EPSS Score: 0.04%
Published: 2024-05-14
Updated: 2024-05-14
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application.
Source: SAP SE
Max CVSS: 3.5
EPSS Score: 0.04%
Published: 2023-12-12
Updated: 2023-12-15
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x.
Source: SAP SE
Max CVSS: 3.6
EPSS Score: 0.04%
Published: 2022-06-14
Updated: 2022-06-24
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information, although sensitive, is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.
Source: SAP SE
Max CVSS: 3.5
EPSS Score: 0.04%
Published: 2020-11-30
Updated: 2021-07-21
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.
Source: SAP SE
Max CVSS: 3.8
EPSS Score: 0.04%
Published: 2020-03-10
Updated: 2020-03-12
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
Source: SAP SE
Max CVSS: 3.3
EPSS Score: 0.04%
Published: 2019-09-10
Updated: 2020-08-24
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
Source: MITRE
Max CVSS: 3.3
EPSS Score: 0.04%
Published: 2016-10-13
Updated: 2016-10-13
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
Source: MITRE
Max CVSS: 3.5
EPSS Score: 0.09%
Published: 2015-10-15
Updated: 2015-10-16
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
Source: MITRE
Max CVSS: 3.5
EPSS Score: 0.09%
Published: 2015-10-15
Updated: 2015-10-16
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
Source: MITRE
Max CVSS: 3.5
EPSS Score: 0.25%
Published: 2014-10-16
Updated: 2022-10-06
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
Source: MITRE
Max CVSS: 3.5
EPSS Score: 0.26%
Published: 2014-10-16
Updated: 2018-10-09
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Source: MITRE
Max CVSS: 3.5
EPSS Score: 0.24%
Published: 2014-07-31
Updated: 2017-08-29
13 vulnerabilities found