Every CVE whose affected-product data names Sap Enable Now, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2019-0403 — CVSS 9.8 (critical): SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading…
CVE-2019-0341 — CVSS 8.8 (high): The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the…
CVE-2019-0404 — CVSS 7.5 (high): SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information…
CVE-2019-0405 — CVSS 7.5 (high): SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of…
CVE-2019-0385 — CVSS 6.5 (medium): SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)…
CVE-2023-33988 — CVSS 6.1 (medium): In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the…
CVE-2023-36918 — CVSS 6.1 (medium): In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the…
CVE-2020-6178 — CVSS 5.4 (medium): SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files…
CVE-2019-0340 — CVSS 5.4 (medium): The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML…
CVE-2022-35297 — CVSS 5.4 (medium): The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being…
CVE-2023-36919 — CVSS 5.3 (medium): In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy…
CVE-2021-27637 — CVSS 4.6 (medium): Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access…
CVE-2024-34692 — CVSS 3.3 (low): Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files…
CVE-2020-6197 — CVSS 3.3 (low): SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow…