| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-2446 | 5.0 |
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
|
29-09-2020 - 19:13 | 14-08-2018 - 16:29 | |
| CVE-2018-2446 | 5.0 |
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
|
29-09-2020 - 19:13 | 14-08-2018 - 16:29 | |
| CVE-2018-2451 | 6.0 |
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via
|
24-08-2020 - 17:37 | 14-08-2018 - 16:29 | |
| CVE-2018-2441 | 5.5 |
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attac
|
24-08-2020 - 17:37 | 14-08-2018 - 16:29 | |
| CVE-2018-2448 | 5.0 |
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.
|
24-08-2020 - 17:37 | 14-08-2018 - 16:29 | |
| CVE-2018-2416 | 5.5 |
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
|
14-03-2019 - 17:55 | 09-05-2018 - 20:29 | |
| CVE-2018-2445 | 5.5 |
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerabi
|
15-10-2018 - 17:29 | 14-08-2018 - 16:29 | |
| CVE-2018-2444 | 4.3 |
SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
12-10-2018 - 17:22 | 14-08-2018 - 16:29 | |
| CVE-2018-2447 | 4.0 |
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
|
11-10-2018 - 19:01 | 14-08-2018 - 16:29 | |
| CVE-2018-2442 | 6.8 |
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is st
|
11-10-2018 - 17:19 | 14-08-2018 - 16:29 | |
| CVE-2018-2449 | 7.5 |
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB rela
|
11-10-2018 - 16:49 | 14-08-2018 - 16:29 | |
| CVE-2018-2450 | 6.5 |
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.
|
11-10-2018 - 16:47 | 14-08-2018 - 16:29 |