14 matches found
CVE-2019-0404
CVE-2019-0404 affects SAP Enable Now prior to version 1911. The vulnerability stems from server error messages that reveal network configuration, causing information disclosure. The connected sources corroborate the affected product/version and the disclosure impact; they do not provide explicit ...
CVE-2019-0403
The CVE-2019-0403 case concerns SAP Enable Now (before version 1911). The available connected sources confirm a vulnerability in CSV handling where an attacker can input commands into CSV files, and those commands are executed when the file is opened, resulting in CSV Command Injection. The root ...
CVE-2020-6197
SAP Enable Now is affected prior to version 1908, where sessions are not invalidated in a timely manner. This Insufficient Session Expiration could allow local attackers to still download portables. Affected product is SAP Enable Now; root cause is inadequate session token invalidation. Exposure ...
CVE-2020-6178
SAP Enable Now (before version 1911) is affected by CVE-2020-6178, where the Session ID cookie value is sent in the URL. This creates a risk of information disclosure if the URL is captured from browser history or logs. The description is consistently stated across multiple sources (NVD entry and...
CVE-2019-0405
CVE-2019-0405 affects SAP Enable Now prior to version 1911, where information leakage exposes the existence of a specific user, enabling user enumeration and information disclosure. The connected sources consistently describe this as a user existence disclosure vulnerability in SAP Enable Now; no...
CVE-2022-35297
CVE-2022-35297 concerns SAP Enable Now: a stored XSS due to insufficient encoding of user-controlled inputs before output to other users. The vulnerability description appears across multiple sources; some entries note affected versions are not specified and there is no available information abou...
CVE-2019-0340
CVE-2019-0340 affects SAP Enable Now; before version 1902 its XML parser is not hardened, enabling Missing XML Validation and local XXE disclosure via file upload at multiple locations. The NVD entry lists CVSSv3 base 5.4 (Medium) with network attack, low privileges, no user interaction. Connecte...
CVE-2019-0385
CVE-2019-0385 affects SAP Enable Now prior to version 1908, where the product does not sufficiently encode user-controlled inputs, enabling a Cross-Site Scripting (XSS) vulnerability. The issue is a client-side input handling flaw that could allow execution of arbitrary script in the browser cont...
CVE-2023-36918
CVE-2023-36918 affects SAP Enable Now components WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10 and ENABLE_NOW_CONSUMP_DEL 1704. The root cause is absence of the X-Content-Type-Options response header, enabling MIME type sniffing and leading to Cross-Site Scripting that could disclose or...
CVE-2024-34692
CVE-2024-34692 concerns SAP Enable Now. The connected documents confirm an authentication requirement and a flaw where missing verification of file type or content allows an attacker to upload arbitrary files, including executables, which may be downloaded and executed by users, potentially hosti...
CVE-2019-0341
The CVE-2019-0341 affects SAP Enable Now, version 1902, where the session cookie is missing the HttpOnly flag. This allows script code executed in the application context to access the session cookie and potentially abuse it to gain access to the application. The connected documents corroborate t...
CVE-2023-33988
CVE-2023-33988 affects SAP Enable Now components: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The vulnerability stems from the absence of implemented Content-Security-Policy and X-XSS-Protection headers, enabling an unauthenticated attacker to attempt ref...
CVE-2021-27637
SAP Enable Now (SAP Workforce Performance Builder – Manager) versions 1.0 and 10 have an information disclosure vulnerability under certain conditions that could allow access to restricted information. The exact root cause, affected components, vectors, and remediation are not detailed in the pro...
CVE-2023-36919
The CVE-2023-36919 issue affects SAP Enable Now products: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The underlying root cause is the lack of an implemented Referrer-Policy header, leading to information disclosure by exposing referrer details to unauthe...