sap

1,577 tracked vulnerabilities.

CVE-2019-0351 HIGH
SAP NetWeaver UDDI Server 7.10-7.50 - Remote Code Execution
Aug 14, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-0348 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.2 - Cleartext Transmission of Sensitive Database Information
Aug 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0346 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.2 - Cleartext Transmission of Sensitive Information
Aug 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0345 CRITICAL
SAP NetWeaver Application Server Java 7.30, 7.31, 7.40, 7.50 - Unauthenticated Server-Side Request Forgery via XML File
Aug 14, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-0344 CRITICAL KEV
SAP Commerce Cloud 6.4-6.7, 1808-1905 - Remote Code Execution via Unsafe Deserialization in virtualjdbc Extension
Aug 14, 2019
CVSS 9.8
EPSS 0.07
CVE-2019-0343 HIGH
SAP Commerce Cloud 6.4-6.7, 1808-1905 - Authenticated Code Injection via Mediaconversion Extension
Aug 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0341 HIGH
SAP Enable Now 1902 - Session Cookie HttpOnly Flag Missing
Aug 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0340 MEDIUM
SAP Enable Now < 1902 - XML External Entity Injection via File Upload
Aug 14, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0338 MEDIUM
SAP Gateway 750-753 - Information Disclosure via Improper HTTP Header Handling
Aug 14, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0337 MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Reflected Cross-Site Scripting via URL Parameter
Aug 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0335 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Stored Cross-Site Scripting in User Description Field
Aug 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0334 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Stored Cross-Site Scripting in BI Workspace Module
Aug 14, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-0333 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.2, 4.3 - Information Disclosure via Query Cancellation
Aug 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0332 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Cross-Site Scripting via Info View Search Keyword
Aug 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0331 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Information Disclosure via Directory Structure Access
Aug 14, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0330 CRITICAL
SAP Diagnostic Agent 7.2 - OS Command Injection via OS Command Plugin
Jul 10, 2019
CVSS 9.1
EPSS 0.02
CVE-2019-0329 MEDIUM
SAP Information Steward 4.2 - Cross-Site Scripting
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0328 HIGH
SAP NetWeaver Process Integration - OS Command Injection
Jul 10, 2019
CVSS 7.2
EPSS 0.03
CVE-2019-0327 HIGH
SAP NetWeaver Application Server Java 7.1-7.5 - Unrestricted Upload of File with Dangerous Type
Jul 10, 2019
CVSS 7.2
EPSS 0.02
CVE-2019-0326 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.3 - Cross-Site Scripting
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0325 MEDIUM
SAP ERP HCM 3 - Missing Authorization for Payroll Data Report
Jul 10, 2019
CVSS 4.2
EPSS 0.01
CVE-2019-0322 HIGH
SAP Commerce Cloud 6.3-6.7, 1808, 1811 - Denial of Service
Jul 10, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-0321 MEDIUM
SAP NetWeaver AS ABAP 7.31, 7.4, 7.5 - Cross-Site Scripting
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0319 HIGH
SAP Gateway 7.5-7.53 - Content Spoofing via Error Message Injection
Jul 10, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-0318 MEDIUM
SAP NetWeaver Application Server for Java - Info Disclosure
Jul 10, 2019
CVSS 5.3
EPSS 0.01