Filtered by vendor Sap
Subscribe
Total
1485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6280 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 2.7 LOW |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-26819 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. | |||||
| CVE-2020-6240 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service | |||||
| CVE-2020-6371 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | |||||
| CVE-2022-22540 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. | |||||
| CVE-2020-26818 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. | |||||
| CVE-2022-35294 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | N/A | 5.4 MEDIUM |
| An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user. | |||||
| CVE-2020-6270 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | |||||
| CVE-2020-6296 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. | |||||
| CVE-2021-33678 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 7.5 HIGH | 6.5 MEDIUM |
| A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable. | |||||
| CVE-2019-0321 | 1 Sap | 2 Netweaver Application Server Abap, Netweaver As Abap | 2022-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-21446 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service. | |||||
| CVE-2021-27611 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. | |||||
| CVE-2021-27603 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system. | |||||
| CVE-2021-44231 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2020-6299 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. | |||||
| CVE-2020-6310 | 1 Sap | 2 Abap Platform, Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | |||||
| CVE-2022-39014 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-10-01 | N/A | 5.3 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | |||||
| CVE-2022-35298 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-10-01 | N/A | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session. | |||||
| CVE-2022-35292 | 1 Sap | 1 Business One | 2022-10-01 | N/A | 7.8 HIGH |
| In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | |||||