Skip to main content

Ui5

3 CVEs product

Monthly

CVE-2021-21476 MEDIUM This Month

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Ui5
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-0319 HIGH POC This Week

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection SAP Gateway Ui5
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-2424 HIGH This Week

SAP UI5 did not validate user input before adding it to the DOM structure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Database Ui Ui5 +1
NVD
CVSS 3.0
7.5
EPSS
2.4%
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Ui5
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection SAP Gateway +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

SAP UI5 did not validate user input before adding it to the DOM structure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Database +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy