Search
Search Results (43 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45278 | 2 Sap, Sap Se | 2 Commerce Backoffice, Sap Commerce Backoffice | 2024-11-14 | 5.4 Medium |
| SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | ||||
| CVE-2024-42374 | 2 Sap, Sap Se | 2 Bex Web Java Runtime Export Web Service, Bex Web Java Runtime Export Web Service | 2024-09-16 | 8.2 High |
| BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS rendering (PDF creation) unavailable. This affects the confidentiality and availability of the application. | ||||
| CVE-2024-41730 | 2 Sap, Sap Se | 2 Business Objects Business Intelligence Platform, Sap Business Objects Business Intgelligence Platform | 2024-09-12 | 9.8 Critical |
| In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | ||||