1284 matches found
CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Cross site scripting
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2018-2470
SAP NetWeaver Application Server for ABAP (versions 7.0–7.02, 7.30–7.31, 7.40, and 7.50–7.53) is vulnerable to Cross-Site Scripting due to insufficient encoding of user-controlled inputs. The root cause is improper encoding in the web-facing components, enabling an attacker to inject script or HT...
CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2018-2441
CVE-2018-2441 affects SAP Change and Transport System (ABAP) and SAP KERNEL variants including 32/64 NUC/Unicode across multiple 7.x releases (7.21, 7.21EXT, 7.22, 7.22EXT, 7.45, 7.49, 7.53, 7.73). Root cause details are not provided in the documents. The vulnerability would allow an attacker to ...
SAP Netweaver Web Dynpro ABAP Denial of Service Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP Netweaver Web Dynpro ABAP. An attacker could exploit this...
SAP BASIS Directory Traversal Vulnerability
SAP BASIS is a role engaged in sap system administration. Mainly responsible for sap system planning, installation, configuration, management, monitoring, maintenance, tuning, etc.. A security vulnerability exists in the ABAP File Interface in SAP BASIS that stems from the program's failure to...
CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...
Input validation
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...
CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...
CVE-2018-2367
The CVE affects SAP BASIS ABAP File Interface (v7.00–7.02, 7.10–7.11, 7.30–7.31, 7.40, 7.50–7.52). The root cause is insufficient validation of user-provided path information, allowing directory traversal characters to propagate to the file APIs. This could enable an attacker to access arbitrary ...
Design/Logic Flaw
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...
CVE-2017-9843
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...
CVE-2017-9843
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...
CVE-2017-9843
CVE-2017-9843 affects SAP NetWeaver AS ABAP 7.40. The issue is a denial-of-service via disp+work.exe triggered by remote authenticated users with certain privileges; the vulnerability is tied to SAP Security Note 2406841. Affected components include SAP Kernel 7.40 64-bit and disp+work.exe. Impac...
CVE-2017-9843
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...
SAP Netweaver ABAP EA-DFPS Remote Authentication Bypass Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A remote authentication bypass vulnerability exists in SAP Netweaver ABAP EA-DFPS. An attacker could exploit thi...
SAP Web Dynpro ABAP Unspecified Cross-Site Scripting Vulnerability
SAP Web Dynpro is a programming model offered by SAP Germany.WebDynpro is implemented via Java and ABAP. It is suitable for generating standard user interfaces UI by means of declarations, as well as reducing the time required to implement Web applications. An unspecified cross-site scripting...
CVE-2017-6950
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616...
Design/Logic Flaw
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616...