In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users. Date published : 2018-02-14 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ https://launchpad.support.sap.com/#/notes/2589129
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. Date published : 2018-02-14 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ https://launchpad.support.sap.com/#/notes/2589129
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. Date published : 2018-02-14 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ https://launchpad.support.sap.com/#/notes/2589129
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. Date published : 2018-02-14 http://www.securityfocus.com/bid/103018...
Under certain circumstances, a specific endpoint of the Controller’s API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. Date...
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication. Date published : 2018-02-14 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ https://launchpad.support.sap.com/#/notes/2589129
The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. Date published : 2018-02-14 http://www.securityfocus.com/bid/103005 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which...
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL...
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. Date published : 2018-02-14 http://www.securityfocus.com/bid/103002 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized...
SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". Date published : 2018-02-14 http://www.securityfocus.com/bid/102963 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0869
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server...
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability". Date published : 2018-02-14 http://www.securityfocus.com/bid/102962 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0864