Lucene search
+L

1284 matches found

NVD
NVD
added 2018/10/09 1:29 p.m.23 views

CVE-2018-2470

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.01016EPSS
Exploits0References3
Prion
Prion
added 2018/10/09 1:29 p.m.15 views

Cross site scripting

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

4.3CVSS6AI score0.01016EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/10/09 1:0 p.m.49 views

CVE-2018-2470

SAP NetWeaver Application Server for ABAP (versions 7.0–7.02, 7.30–7.31, 7.40, and 7.50–7.53) is vulnerable to Cross-Site Scripting due to insufficient encoding of user-controlled inputs. The root cause is improper encoding in the web-facing components, enabling an attacker to inject script or HT...

6.1CVSS6AI score0.01016EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/10/09 1:0 p.m.24 views

CVE-2018-2470

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6AI score0.01016EPSS
Exploits0References3
CVE
CVE
added 2018/08/14 4:0 p.m.50 views

CVE-2018-2441

CVE-2018-2441 affects SAP Change and Transport System (ABAP) and SAP KERNEL variants including 32/64 NUC/Unicode across multiple 7.x releases (7.21, 7.21EXT, 7.22, 7.22EXT, 7.45, 7.49, 7.53, 7.73). Root cause details are not provided in the documents. The vulnerability would allow an attacker to ...

5.5CVSS5.3AI score0.01035EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/05/21 12:0 a.m.4 views

SAP Netweaver Web Dynpro ABAP Denial of Service Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP Netweaver Web Dynpro ABAP. An attacker could exploit this...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2018/03/15 12:0 a.m.4 views

SAP BASIS Directory Traversal Vulnerability

SAP BASIS is a role engaged in sap system administration. Mainly responsible for sap system planning, installation, configuration, management, monitoring, maintenance, tuning, etc.. A security vulnerability exists in the ABAP File Interface in SAP BASIS that stems from the program's failure to...

8.8CVSS6.8AI score0.0191EPSS
Exploits0References1
NVD
NVD
added 2018/03/01 5:29 p.m.20 views

CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

8.8CVSS8.6AI score0.0191EPSS
Exploits0References3
Prion
Prion
added 2018/03/01 5:29 p.m.20 views

Input validation

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

6.5CVSS8.5AI score0.0191EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/03/01 5:29 p.m.6 views

CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

8.8CVSS5.8AI score0.0191EPSS
Exploits0References3
CVE
CVE
added 2018/03/01 5:0 p.m.49 views

CVE-2018-2367

The CVE affects SAP BASIS ABAP File Interface (v7.00–7.02, 7.10–7.11, 7.30–7.31, 7.40, 7.50–7.52). The root cause is insufficient validation of user-provided path information, allowing directory traversal characters to propagate to the file APIs. This could enable an attacker to access arbitrary ...

8.8CVSS8.4AI score0.0191EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/07/12 4:29 p.m.23 views

Design/Logic Flaw

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...

4CVSS6.6AI score0.02255EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/07/12 4:29 p.m.27 views

CVE-2017-9843

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...

4CVSS3.5AI score0.02255EPSS
Exploits1References2
OSV
OSV
added 2017/07/12 4:29 p.m.6 views

CVE-2017-9843

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...

2.7CVSS5.8AI score0.02255EPSS
Exploits1References2
CVE
CVE
added 2017/07/12 4:0 p.m.59 views

CVE-2017-9843

CVE-2017-9843 affects SAP NetWeaver AS ABAP 7.40. The issue is a denial-of-service via disp+work.exe triggered by remote authenticated users with certain privileges; the vulnerability is tied to SAP Security Note 2406841. Affected components include SAP Kernel 7.40 64-bit and disp+work.exe. Impac...

4CVSS4.8AI score0.02255EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/07/12 4:0 p.m.33 views

CVE-2017-9843

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...

4.9AI score0.02255EPSS
Exploits1References2
CNVD
CNVD
added 2017/05/24 12:0 a.m.6 views

SAP Netweaver ABAP EA-DFPS Remote Authentication Bypass Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A remote authentication bypass vulnerability exists in SAP Netweaver ABAP EA-DFPS. An attacker could exploit thi...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2017/03/27 12:0 a.m.4 views

SAP Web Dynpro ABAP Unspecified Cross-Site Scripting Vulnerability

SAP Web Dynpro is a programming model offered by SAP Germany.WebDynpro is implemented via Java and ABAP. It is suitable for generating standard user interfaces UI by means of declarations, as well as reducing the time required to implement Web applications. An unspecified cross-site scripting...

6.3AI score
Exploits0References1
OSV
OSV
added 2017/03/23 8:59 p.m.6 views

CVE-2017-6950

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616...

9.8CVSS6.1AI score0.03785EPSS
Exploits0References3
Prion
Prion
added 2017/03/23 8:59 p.m.28 views

Design/Logic Flaw

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616...

7.5CVSS9.6AI score0.03785EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder