CVE-2018-2413
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Source: CVE-2018-2413
[월:] 2018년 04월
CVE-2018-2410
CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
Source: CVE-2018-2410
CVE-2015-1957
CVE-2015-1957
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.
Source: CVE-2015-1957
CVE-2018-2405
CVE-2018-2405
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
Source: CVE-2018-2405
CVE-2018-2404
CVE-2018-2404
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
Source: CVE-2018-2404
CVE-2018-2408
CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
Source: CVE-2018-2408
CVE-2018-2406
CVE-2018-2406
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
Source: CVE-2018-2406
CVE-2018-2409
CVE-2018-2409
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
Source: CVE-2018-2409
CVE-2018-2403
CVE-2018-2403
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
Source: CVE-2018-2403
CVE-2017-14611
CVE-2017-14611
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.
Source: CVE-2017-14611