CVE-2019-0254
- EPSS 0.32%
- Veröffentlicht 15.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:35
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2018-2487
- EPSS 0.71%
- Veröffentlicht 13.11.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:03:54
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extract...
CVE-2018-2403
- EPSS 0.25%
- Veröffentlicht 10.04.2018 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:03:45
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapte...
CVE-2018-2404
- EPSS 0.28%
- Veröffentlicht 10.04.2018 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:03:45
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVE-2018-2412
- EPSS 0.43%
- Veröffentlicht 10.04.2018 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:03:46
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2413
- EPSS 0.41%
- Veröffentlicht 10.04.2018 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:03:46
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.