Filtered by vendor Sap
Subscribe
Total
1485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32238 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2020-6220 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-06-14 | 2.6 LOW | 4.7 MEDIUM |
| BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. | |||||
| CVE-2021-21465 | 1 Sap | 1 Business Warehouse | 2022-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system. | |||||
| CVE-2022-29616 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | |||||
| CVE-2022-27656 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64uc, Webdispatcher | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-29613 | 1 Sap | 1 Employee Self Service | 2022-05-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | |||||
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | |||||
| CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2022-05-19 | 4.6 MEDIUM | 7.8 HIGH |
| During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | |||||
| CVE-2021-33670 | 1 Sap | 1 Netweaver Application Server Java | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | |||||
| CVE-2021-33687 | 1 Sap | 1 Netweaver Application Server Java | 2022-05-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information. | |||||
| CVE-2021-21464 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
| Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | |||||
| CVE-2021-42063 | 1 Sap | 1 Knowledge Warehouse | 2022-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. | |||||
| CVE-2020-6234 | 1 Sap | 1 Host Agent | 2022-04-29 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. | |||||
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-04-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2022-27667 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2022-27670 | 1 Sap | 1 Sql Anywhere | 2022-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. | |||||
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | |||||
| CVE-2022-27655 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-27654 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||