CVE-2019-0254
- EPSS 0.32%
- Published 15.02.2019 18:29:00
- Last modified 21.11.2024 04:16:35
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2487
- EPSS 0.71%
- Published 13.11.2018 20:29:00
- Last modified 21.11.2024 04:03:54
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extract...
CVE-2018-2403
- EPSS 0.25%
- Published 10.04.2018 15:29:01
- Last modified 21.11.2024 04:03:45
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapte...
CVE-2018-2404
- EPSS 0.28%
- Published 10.04.2018 15:29:01
- Last modified 21.11.2024 04:03:45
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVE-2018-2412
- EPSS 0.43%
- Published 10.04.2018 15:29:01
- Last modified 21.11.2024 04:03:46
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2413
- EPSS 0.41%
- Published 10.04.2018 15:29:01
- Last modified 21.11.2024 04:03:46
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.