Security News

CVE-2019-0553

National Vulnerability Database - Tue, 01/08/2019 - 16:29
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
Categories: Security News

CVE-2019-0554

National Vulnerability Database - Tue, 01/08/2019 - 16:29
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569.

CVE-2019-0249

National Vulnerability Database - Tue, 01/08/2019 - 15:29
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.

CVE-2018-2484

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVE-2018-2499

National Vulnerability Database - Tue, 01/08/2019 - 15:29
A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.

CVE-2019-0238

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

CVE-2019-0240

National Vulnerability Database - Tue, 01/08/2019 - 15:29
The SAP Business Objects Mobile for Android application (before 6.3.5) allows an attacker to provide malicious input in the form of an SAP BI link, preventing legitimate users from accessing the application by crashing it.

CVE-2019-0241

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP Work and Inventory Manager (Agentry_SDK, before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

CVE-2019-0243

National Vulnerability Database - Tue, 01/08/2019 - 15:29
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVE-2019-0244

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

CVE-2019-0245

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

CVE-2019-0246

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.

CVE-2019-0247

National Vulnerability Database - Tue, 01/08/2019 - 15:29
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

CVE-2019-0248

National Vulnerability Database - Tue, 01/08/2019 - 15:29
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.

CVE-2018-1918

National Vulnerability Database - Tue, 01/08/2019 - 11:29
IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152785.

CVE-2018-1932

National Vulnerability Database - Tue, 01/08/2019 - 11:29
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.

CVE-2018-1993

National Vulnerability Database - Tue, 01/08/2019 - 11:29
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0, where the use of Local Read Only Cache (LROC) is enabled, may cause a read operation on a file to return data from a different file. IBM X-Force ID: 154440.

CVE-2019-5720

National Vulnerability Database - Tue, 01/08/2019 - 05:29
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.

Vuln: SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Tue, 01/08/2019 - 00:00
SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

Vuln: SAP Financial Consolidation Cube Designer CVE-2018-2499 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Tue, 01/08/2019 - 00:00
SAP Financial Consolidation Cube Designer CVE-2018-2499 Information Disclosure Vulnerability
