14 matches found
CVE-2020-6178
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure...
Information disclosure
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure...
CVE-2020-6178
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure...
CVE-2019-0405
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure...
CVE-2019-0404
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure...
CVE-2019-0403
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection...
CVE-2019-0403
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection...
Information disclosure
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure...
Information disclosure
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure...
Command injection
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection...
CVE-2019-0405
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure...
CVE-2019-0404
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure...
CVE-2019-0404
CVE-2019-0404 affects SAP Enable Now prior to version 1911. The vulnerability stems from server error messages that reveal network configuration, causing information disclosure. The connected sources corroborate the affected product/version and the disclosure impact; they do not provide explicit ...
CVE-2019-0403
The CVE-2019-0403 case concerns SAP Enable Now (before version 1911). The available connected sources confirm a vulnerability in CSV handling where an attacker can input commands into CSV files, and those commands are executed when the file is opened, resulting in CSV Command Injection. The root ...