sap

1,577 tracked vulnerabilities.

CVE-2019-0281 MEDIUM
SAP OpenUI5 < 1.38.39 - Cross-Site Scripting via Insufficient Input Encoding
Jul 10, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0316 MEDIUM
SAP NetWeaver Process Integration - Authenticated Reflected Cross-Site Scripting via Servlet Injection
Jun 14, 2019
CVSS 4.8
EPSS 0.01
CVE-2019-0303 MEDIUM
SAP BusinessObjects BI Platform 4.2, 4.3 - XSS via BILogon/appService.jsp errMsg
Jun 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0315 HIGH
SAP NetWeaver Process Integration - Information Disclosure via PI Integration Builder Web UI
Jun 12, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-0314 MEDIUM
SAP Work Manager 6.3-6.5 and Inventory Manager 4.3 - Denial of Service
Jun 12, 2019
CVSS 5.5
EPSS 0.01
CVE-2019-0312 MEDIUM
SAP NetWeaver Process Integration - Unauthenticated Information Disclosure via Unprotected Web Pages
Jun 12, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0311 MEDIUM
SAP R/3 Enterprise 600-606, 616-617 - Cross-Site Scripting in Automotive Dealer Portal
Jun 12, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0308 MEDIUM
SAP E-Commerce 7.3, 7.31, 7.32, 7.33, 7.54 - Authenticated Stored Cross-Site Scripting
Jun 12, 2019
CVSS 6.8
EPSS 0.01
CVE-2019-0307 LOW
SAP Solution Manager 7.2 - Missing Encryption of Sensitive Data in Diagnostics Agent
Jun 12, 2019
CVSS 2.4
EPSS 0.02
CVE-2019-0306 MEDIUM
SAP HANA Extended Application Services - Authenticated Information Disclosure
Jun 12, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-0305 MEDIUM
SAP NetWeaver Process Integration <7.40 - XSS
Jun 12, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-0304 CRITICAL
SAP NetWeaver AS ABAP Platform - Remote Code Execution via FTP Function
Jun 12, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-0301 HIGH
SAP Identity Management - Improper Privilege Management via REST Interface Version 2
May 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0298 MEDIUM
SAP E-Commerce - Cross-Site Scripting
May 14, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-0293 MEDIUM
SAP Solution Manager System - Missing Authorization for RFC Destination Access
May 14, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-0291 MEDIUM
Solution Manager 7.2 - Info Disclosure
May 14, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-0289 HIGH
SAP BusinessObjects <4.3 - Info Disclosure
May 14, 2019
CVSS 7.1
EPSS 0.01
CVE-2019-0287 HIGH
SAP BusinessObjects <4.3 - Info Disclosure
May 14, 2019
CVSS 7.6
EPSS 0.02
CVE-2019-0280 HIGH
SAP Treasury and Risk Management - Missing Authorization for T_DEAL_DP and T_DEAL_PD
May 14, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0285 CRITICAL
SAP Crystal Reports for Visual Studio - Cleartext Storage of Sensitive Database Credentials
Apr 10, 2019
CVSS 9.8
EPSS 0.07
CVE-2019-0284 MEDIUM
SAP HANA - XML External Entity Injection via SLDREG
Apr 10, 2019
CVSS 6.0
EPSS 0.00
CVE-2019-0283 HIGH
SAP NetWeaver Process Integration - Digital Signature Spoofing via PI Axis Adapter
Apr 10, 2019
CVSS 7.1
EPSS 0.01
CVE-2019-0282 MEDIUM
SAP NetWeaver Process Integration - Unauthenticated Information Disclosure in Runtime Workbench
Apr 10, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-0279 HIGH
SAP BASIS - Authenticated Privilege Escalation via ABAP Function Modules
Apr 10, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-0278 MEDIUM
SAP NetWeaver Process Integration - Information Disclosure via Monitoring Servlet
Apr 10, 2019
CVSS 4.3
EPSS 0.01