Skip to main content

Enable Now

14 CVEs product

Monthly

CVE-2024-34692 MEDIUM This Month

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Enable Now
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-36919 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-36918 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33988 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35297 MEDIUM This Month

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27637 MEDIUM This Month

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-6197 LOW Monitor

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2020-6178 MEDIUM This Month

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-0405 HIGH This Week

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0404 HIGH This Week

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0403 CRITICAL Act Now

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Enable Now
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-0385 MEDIUM This Month

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-0341 HIGH This Week

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-0340 MEDIUM This Month

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE File Upload SAP Enable Now
NVD
CVSS 3.0
5.4
EPSS
0.7%
EPSS 0% CVSS 4.6
MEDIUM This Month

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Enable Now
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
EPSS 1% CVSS 3.3
LOW Monitor

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Enable Now
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE File Upload SAP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy