| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-0248 | 4.3 |
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
|
13-09-2021 - 12:23 | 08-01-2019 - 20:29 | |
| CVE-2018-2484 | 6.5 |
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an au
|
09-09-2021 - 17:23 | 08-01-2019 - 20:29 | |
| CVE-2018-2499 | 5.0 |
A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.
|
24-08-2020 - 17:37 | 08-01-2019 - 20:29 | |
| CVE-2019-0243 | 6.5 |
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
24-08-2020 - 17:37 | 08-01-2019 - 20:29 | |
| CVE-2019-0246 | 7.5 |
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
|
24-08-2020 - 17:37 | 08-01-2019 - 20:29 | |
| CVE-2019-0241 | 5.0 |
SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
|
24-08-2020 - 17:37 | 08-01-2019 - 20:29 | |
| CVE-2019-0240 | 5.0 |
SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it.
|
24-08-2020 - 17:37 | 08-01-2019 - 20:29 | |
| CVE-2019-0249 | 5.0 |
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
|
24-08-2020 - 17:37 | 08-01-2019 - 20:29 | |
| CVE-2019-0247 | 7.5 |
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
|
17-01-2019 - 18:35 | 08-01-2019 - 20:29 | |
| CVE-2019-0238 | 4.3 |
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
17-01-2019 - 18:21 | 08-01-2019 - 20:29 | |
| CVE-2019-0244 | 3.5 |
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
17-01-2019 - 15:21 | 08-01-2019 - 20:29 | |
| CVE-2019-0245 | 3.5 |
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
17-01-2019 - 15:21 | 08-01-2019 - 20:29 |