2 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0

08 Jan 2019 — SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP Enterprise Financial Services (solucionado en SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) no rea... • http://www.securityfocus.com/bid/106477 • CWE-862: Missing Authorization •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

11 Dec 2018 — SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •