Skip to main content

Ui

5 CVEs product

Monthly

CVE-2023-33991 HIGH This Week

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Ui
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-39395 Go CRITICAL PATCH Act Now

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Server Ui Worker
NVD GitHub
CVSS 3.1
9.9
EPSS
1.1%
CVE-2019-0388 MEDIUM This Month

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Ui
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2018-2428 MEDIUM This Month

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Infrastructure Ui
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-2424 HIGH This Week

SAP UI5 did not validate user input before adding it to the DOM structure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Database Ui Ui5 +1
NVD
CVSS 3.0
7.5
EPSS
2.4%
EPSS 0% CVSS 8.2
HIGH This Week

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Ui
NVD
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Server Ui +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Ui
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Infrastructure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

SAP UI5 did not validate user input before adding it to the DOM structure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Database +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy