Lucene search
K
SapEnable Now

14 matches found

CVE
CVE
added 2019/12/11 9:35 p.m.94 views

CVE-2019-0404

CVE-2019-0404 affects SAP Enable Now prior to version 1911. The vulnerability stems from server error messages that reveal network configuration, causing information disclosure. The connected sources corroborate the affected product/version and the disclosure impact; they do not provide explicit ...

7.5CVSS7.3AI score0.011EPSS
CVE
CVE
added 2019/12/11 9:35 p.m.90 views

CVE-2019-0403

The CVE-2019-0403 case concerns SAP Enable Now (before version 1911). The available connected sources confirm a vulnerability in CSV handling where an attacker can input commands into CSV files, and those commands are executed when the file is opened, resulting in CSV Command Injection. The root ...

9.8CVSS9.5AI score0.02089EPSS
CVE
CVE
added 2020/03/10 8:17 p.m.84 views

CVE-2020-6197

SAP Enable Now is affected prior to version 1908, where sessions are not invalidated in a timely manner. This Insufficient Session Expiration could allow local attackers to still download portables. Affected product is SAP Enable Now; root cause is inadequate session token invalidation. Exposure ...

3.8CVSS4AI score0.00564EPSS
CVE
CVE
added 2020/03/10 8:17 p.m.80 views

CVE-2020-6178

SAP Enable Now (before version 1911) is affected by CVE-2020-6178, where the Session ID cookie value is sent in the URL. This creates a risk of information disclosure if the URL is captured from browser history or logs. The description is consistently stated across multiple sources (NVD entry and...

5.5CVSS5.4AI score0.00726EPSS
CVE
CVE
added 2019/12/11 9:35 p.m.73 views

CVE-2019-0405

CVE-2019-0405 affects SAP Enable Now prior to version 1911, where information leakage exposes the existence of a specific user, enabling user enumeration and information disclosure. The connected sources consistently describe this as a user existence disclosure vulnerability in SAP Enable Now; no...

7.5CVSS7.3AI score0.011EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.60 views

CVE-2022-35297

CVE-2022-35297 concerns SAP Enable Now: a stored XSS due to insufficient encoding of user-controlled inputs before output to other users. The vulnerability description appears across multiple sources; some entries note affected versions are not specified and there is no available information abou...

5.4CVSS5.3AI score0.00475EPSS
CVE
CVE
added 2019/08/14 1:51 p.m.59 views

CVE-2019-0340

CVE-2019-0340 affects SAP Enable Now; before version 1902 its XML parser is not hardened, enabling Missing XML Validation and local XXE disclosure via file upload at multiple locations. The NVD entry lists CVSSv3 base 5.4 (Medium) with network attack, low privileges, no user interaction. Connecte...

5.5CVSS5.4AI score0.00689EPSS
CVE
CVE
added 2019/11/13 9:57 p.m.54 views

CVE-2019-0385

CVE-2019-0385 affects SAP Enable Now prior to version 1908, where the product does not sufficiently encode user-controlled inputs, enabling a Cross-Site Scripting (XSS) vulnerability. The issue is a client-side input handling flaw that could allow execution of arbitrary script in the browser cont...

6.5CVSS6AI score0.00526EPSS
CVE
CVE
added 2023/07/11 2:49 a.m.54 views

CVE-2023-36918

CVE-2023-36918 affects SAP Enable Now components WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10 and ENABLE_NOW_CONSUMP_DEL 1704. The root cause is absence of the X-Content-Type-Options response header, enabling MIME type sniffing and leading to Cross-Site Scripting that could disclose or...

6.1CVSS6.2AI score0.00345EPSS
CVE
CVE
added 2024/07/09 4:43 a.m.54 views

CVE-2024-34692

CVE-2024-34692 concerns SAP Enable Now. The connected documents confirm an authentication requirement and a flaw where missing verification of file type or content allows an attacker to upload arbitrary files, including executables, which may be downloaded and executed by users, potentially hosti...

4.6CVSS4.1AI score0.0018EPSS
CVE
CVE
added 2019/08/14 1:50 p.m.50 views

CVE-2019-0341

The CVE-2019-0341 affects SAP Enable Now, version 1902, where the session cookie is missing the HttpOnly flag. This allows script code executed in the application context to access the session cookie and potentially abuse it to gain access to the application. The connected documents corroborate t...

8.8CVSS8.7AI score0.0106EPSS
CVE
CVE
added 2023/07/11 2:26 a.m.44 views

CVE-2023-33988

CVE-2023-33988 affects SAP Enable Now components: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The vulnerability stems from the absence of implemented Content-Security-Policy and X-XSS-Protection headers, enabling an unauthenticated attacker to attempt ref...

6.1CVSS6.2AI score0.00345EPSS
CVE
CVE
added 2021/06/09 1:30 p.m.43 views

CVE-2021-27637

SAP Enable Now (SAP Workforce Performance Builder – Manager) versions 1.0 and 10 have an information disclosure vulnerability under certain conditions that could allow access to restricted information. The exact root cause, affected components, vectors, and remediation are not detailed in the pro...

5.9CVSS4.4AI score0.00259EPSS
CVE
CVE
added 2023/07/11 2:54 a.m.39 views

CVE-2023-36919

The CVE-2023-36919 issue affects SAP Enable Now products: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The underlying root cause is the lack of an implemented Referrer-Policy header, leading to information disclosure by exposing referrer details to unauthe...

5.3CVSS5AI score0.00404EPSS