Sap Disclosure Management — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Disclosure Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2019-0258 — CVSS 8.8 (high): SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in…
CVE-2020-6292 — CVSS 8.8 (high): Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient…
CVE-2020-6291 — CVSS 8.8 (high): SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after…
CVE-2020-6289 — CVSS 8.8 (high): SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user…
CVE-2018-2487 — CVSS 8.3 (high): SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in…
CVE-2020-6209 — CVSS 7.5 (high): SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to…
CVE-2022-41274 — CVSS 6.5 (medium): SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read…
CVE-2020-26828 — CVSS 6.4 (medium): SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type…
CVE-2020-6290 — CVSS 6.3 (medium): SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a…
CVE-2018-2403 — CVSS 5.4 (medium): Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It…
CVE-2018-2413 — CVSS 5.4 (medium): SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of…
CVE-2019-0254 — CVSS 5.4 (medium): SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site…
CVE-2020-6267 — CVSS 5.4 (medium): Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only…
CVE-2020-6303 — CVSS 5.4 (medium): SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.
CVE-2018-2404 — CVSS 4.3 (medium): SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
CVE-2018-2412 — CVSS 3.8 (low): SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of…