Lucene search
K

8 matches found

CVE
CVE
added 2019/12/11 9:35 p.m.94 views

CVE-2019-0404

CVE-2019-0404 affects SAP Enable Now prior to version 1911. The vulnerability stems from server error messages that reveal network configuration, causing information disclosure. The connected sources corroborate the affected product/version and the disclosure impact; they do not provide explicit ...

7.5CVSS7.3AI score0.011EPSS
CVE
CVE
added 2019/12/11 9:35 p.m.91 views

CVE-2019-0403

The CVE-2019-0403 case concerns SAP Enable Now (before version 1911). The available connected sources confirm a vulnerability in CSV handling where an attacker can input commands into CSV files, and those commands are executed when the file is opened, resulting in CSV Command Injection. The root ...

9.8CVSS9.5AI score0.02089EPSS
CVE
CVE
added 2020/03/10 8:17 p.m.84 views

CVE-2020-6197

SAP Enable Now is affected prior to version 1908, where sessions are not invalidated in a timely manner. This Insufficient Session Expiration could allow local attackers to still download portables. Affected product is SAP Enable Now; root cause is inadequate session token invalidation. Exposure ...

3.8CVSS4AI score0.00564EPSS
CVE
CVE
added 2020/03/10 8:17 p.m.80 views

CVE-2020-6178

SAP Enable Now (before version 1911) is affected by CVE-2020-6178, where the Session ID cookie value is sent in the URL. This creates a risk of information disclosure if the URL is captured from browser history or logs. The description is consistently stated across multiple sources (NVD entry and...

5.5CVSS5.4AI score0.00726EPSS
CVE
CVE
added 2019/12/11 9:35 p.m.73 views

CVE-2019-0405

CVE-2019-0405 affects SAP Enable Now prior to version 1911, where information leakage exposes the existence of a specific user, enabling user enumeration and information disclosure. The connected sources consistently describe this as a user existence disclosure vulnerability in SAP Enable Now; no...

7.5CVSS7.3AI score0.011EPSS
CVE
CVE
added 2019/08/14 1:51 p.m.59 views

CVE-2019-0340

CVE-2019-0340 affects SAP Enable Now; before version 1902 its XML parser is not hardened, enabling Missing XML Validation and local XXE disclosure via file upload at multiple locations. The NVD entry lists CVSSv3 base 5.4 (Medium) with network attack, low privileges, no user interaction. Connecte...

5.5CVSS5.4AI score0.00689EPSS
CVE
CVE
added 2019/11/13 9:57 p.m.55 views

CVE-2019-0385

CVE-2019-0385 affects SAP Enable Now prior to version 1908, where the product does not sufficiently encode user-controlled inputs, enabling a Cross-Site Scripting (XSS) vulnerability. The issue is a client-side input handling flaw that could allow execution of arbitrary script in the browser cont...

6.5CVSS6AI score0.00526EPSS
CVE
CVE
added 2024/07/09 4:43 a.m.55 views

CVE-2024-34692

CVE-2024-34692 concerns SAP Enable Now. The connected documents confirm an authentication requirement and a flaw where missing verification of file type or content allows an attacker to upload arbitrary files, including executables, which may be downloaded and executed by users, potentially hosti...

4.6CVSS4.1AI score0.0018EPSS