CVE-2019-0254 (disclosure_management)
20th February 2019 - 17:25
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs| resulting in Cross-Site Scripting (... Read more
MCERT
Threat Alerts
CVE-2019-0258 (disclosure_management)
20th February 2019 - 17:25
SAP Disclosure Management| version 10.01| does not perform necessary authorization checks for an authenticated user| resulting in escalation of pri... Read more
CVE-2019-0259 (businessobjects)
20th February 2019 - 17:25
SAP BusinessObjects| versions 4.2 and 4.3| (Visual Difference) allows an attacker to upload any file (including script files) without proper file f... Read more
CVE-2019-0266 (hana_extended_application_services)
20th February 2019 - 17:25
Under certain conditions SAP HANA Extended Application Services| version 1.0| advanced model (XS advanced) writes credentials of platform users to... Read more
CVE-2019-0267 (manufacturing_integration_and_intelligence)
20th February 2019 - 17:25
SAP Manufacturing Integration and Intelligence| versions 15.0| 15.1 and 15.2| (Illuminator Servlet) currently does not provide Anti-XSRF tokens. Th... Read more
