VYPR

UI

by SAP

CVEs (3)

  • CVE-2018-2424CriJun 12, 2018
    risk 0.64cvss 9.8epss 0.02

    SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5…

  • CVE-2018-2428MedJun 12, 2018
    risk 0.35cvss 5.3epss 0.02

    Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.

  • CVE-2019-0388Nov 13, 2019
    risk 0.00cvss epss 0.01

    SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.