Vulnerabilidades em SAP

159 resultados
CVE-2018-2479SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs,EPSS 1.3%CVE-2017-16687The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 EPSS 1.3%CVE-2017-16691SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally siEPSS 1.3%CVE-2018-2447SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject querieEPSS 1.2%CVE-2017-16689A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAPEPSS 1.2%CVE-2023-27893HIGHArbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)EPSS 1.2%CVE-2018-2485It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writingEPSS 1.2%CVE-2018-2451XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an uEPSS 1.2%CVE-2018-2492SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixEPSS 1.1%CVE-2018-2445AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to sEPSS 1.1%CVE-2018-2433SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL EPSS 1.1%CVE-2018-2504SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header MaEPSS 1.1%CVE-2017-16690A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It iEPSS 1.1%CVE-2018-2441Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNELEPSS 1.0%CVE-2022-41272CRITICALAn unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NeEPSS 1.0%CVE-2018-2464SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-EPSS 1.0%CVE-2018-2435SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, rEPSS 1.0%CVE-2018-2444SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-SiEPSS 1.0%CVE-2018-2470In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encEPSS 1.0%CVE-2018-2505SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts thaEPSS 1.0%