Filtered by vendor Sap
Subscriptions
Filtered by product Identity Management
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0504 | 1 Sap | 1 Identity Management | 2026-01-13 | 3.8 Low |
| Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification of data, resulting in low impact on confidentiality and integrity, with no impact on application availability. | ||||
| CVE-2020-6258 | 1 Sap | 1 Identity Management | 2024-11-21 | 6.5 Medium |
| SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | ||||
| CVE-2019-0301 | 1 Sap | 1 Identity Management | 2024-11-21 | N/A |
| Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. | ||||
| CVE-2018-2417 | 1 Sap | 1 Identity Management | 2024-11-21 | N/A |
| Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-11-21 | N/A |
| SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | ||||
Page 1 of 1.