Vulnerabilities for Enable now (...) - CXSECURITY.COM

Vulnerabilities for 'Enable now'

2021-06-09

CVE-2021-27637

CWE-668

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.

2020-03-10

CVE-2020-6197

CWE-613

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.

CVE-2020-6178

CWE-613

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.

2019-12-11

CVE-2019-0405

CWE-200

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.

CVE-2019-0404

CWE-200

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.

CVE-2019-0403

CWE-20

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

2019-11-13

CVE-2019-0385

CWE-79

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

2019-08-14

CVE-2019-0341

CWE-20

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.

>>> Vendor: SAP 332 Products

Application server

Sap r 3 web application server demo

Crystal reports

Adaptive server enterprise

Internet transaction server

Mysap business suite

Sap web application server

Business connector

Download manager

Internet graphics server

Inventory manager

Sap basis component 640

Sap basis component 700

Netweaver nw04s

Internet communication manager

Sap message server

Business objects

Crystal reports server

Business one 2005-a

Businessobjects

J2ee engine core

System landscape directory

Netweaver business client

Production planning and control

Healthcare industry solution

Erp cental component

Basis communication services

Erp central component

Network interface router

Netweaver logviewer

Netweaver development infrastructure

Customer relationship management

Netweaver solution manager

Netweaver exchange infrastructure (bc-xi)

Bi universal data integration

Ccms / database monitor

Guided procedures archive monitor

Mobile infrastructure

Solution manager

Enterprise portal

Software deployment manager

Enhancement package

Print and output management

Business object processing framework for abap

Netweaver software lifecycle manager

Netweaver abap application server

Profile maintenance

Background processing

Netweaver java application server

Web services tool

Computing center management system monitoring

Transaction data pool

Capacity leveling

Open hub service

Oil industry solution traders and schedulers workbench

Supplier relationship management

Hana extend application services

Netweaver business warehouse

Fi manager self-service

Businessobjects xi

Businessobjects explorer

Commoncryptolib

Environment health and safety

See all Products for Vendor SAP

Copyright 2024, cxsecurity.com