4 matches found
CVE-2023-33991
CVE-2023-33991 affects SAP UI5 Variant Management (SAP_UI 750–757, UI_700 200). The vulnerability is a Stored XSS caused by insufficient encoding of user-controlled inputs when reading data from the server. The impact described across sources is high confidentiality impact with some information m...
CVE-2019-0388
CVE-2019-0388 affects the SAP UI5 HTTP Handler and is due to insufficient URL validation, enabling an attacker to manipulate content. The vulnerability is addressed by fixes in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 v2.0. Exploitation details are not provided in the connected ...
CVE-2018-2424
CVE-2018-2424 affects SAP Hana Database (1.00, 2.00), SAP UI5 (1.00; Java) with SAP UI5 versions 7.30–7.50 (and 7.50, 7.51, 7.52) and SAP UI for SAP NetWeaver 7.00 (2.0). The root cause is failure to validate user input before adding it to the DOM, enabling attacker-supplied JavaScript to be inje...
CVE-2018-2428
CVE-2018-2428 affects SAP Infrastructure 1.0, SAP UI 7.4/7.5/7.51/7.52, and SAP UI for SAP NetWeaver 7.00 (version 2.0). The description indicates that under certain conditions the SAP UI5 Handler can allow an attacker to access information that should be restricted, constituting an information d...