Total: 32313 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-2560 | 1 Oracle | 1 Solaris | 2024-11-21 | N/A |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N). | ||||
CVE-2018-2500 | 1 Sap | 1 Mobile Secure | 2024-11-21 | N/A |
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2499 | 1 Sap | 2 Financial Consolidation Cube Designer, Financial Consolidation Cube Designer Bobj Eades | 2024-11-21 | N/A |
A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. | ||||
CVE-2018-2497 | 1 Sap | 1 Hana | 2024-11-21 | N/A |
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | ||||
CVE-2018-2488 | 1 Sap | 1 Fiori Client | 2024-11-21 | N/A |
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
CVE-2018-2487 | 1 Sap | 1 Disclosure Management | 2024-11-21 | N/A |
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | ||||
CVE-2018-2485 | 1 Sap | 1 Fiori Client | 2024-11-21 | N/A |
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
CVE-2018-2482 | 1 Sap | 1 Mobile Secure | 2024-11-21 | N/A |
SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018. | ||||
CVE-2018-2478 | 1 Sap | 1 Basis | 2024-11-21 | N/A |
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. | ||||
CVE-2018-2475 | 1 Gardener | 1 Gardener | 2024-11-21 | N/A |
Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation, a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation can theoretically lead to the compromise of other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in the "Gardener" context. This was fixed in Gardener release 0.12.4. | ||||
CVE-2018-2473 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A |
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
CVE-2018-2471 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A |
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2469 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2468 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2467 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | N/A |
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, when a specially crafted URL is used in a web browser such as Chrome, the system returns an error containing the path of the application server in use. | ||||
CVE-2018-2459 | 1 Sap | 1 Mobile Platform | 2024-11-21 | N/A |
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | ||||
CVE-2018-2458 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | ||||
CVE-2018-2457 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. | ||||
CVE-2018-2448 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2024-11-21 | N/A |
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | ||||
CVE-2018-2446 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 7.5 High |
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. |