Disclosure Management@10.1 Security Vulnerabilities and Issues — Disclosure Management@10.1 CVE List

Lucene search

SapDisclosure Management10.1

5 matches found

CVE•added 2018/04/10 3:29 p.m.•40 views

CVE-2018-2413

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.8AI score0.00414EPSS

CVE•added 2018/04/10 3:29 p.m.•36 views

CVE-2018-2403

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.

6.5CVSS6.3AI score0.00245EPSS

CVE•added 2018/04/10 3:29 p.m.•35 views

CVE-2018-2404

SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.

9.8CVSS9.3AI score0.00277EPSS

CVE•added 2018/11/13 8:29 p.m.•34 views

CVE-2018-2487

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

8.3CVSS8AI score0.00722EPSS

CVE•added 2018/04/10 3:29 p.m.•30 views

CVE-2018-2412

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8CVSS8.8AI score0.0043EPSS