Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2023-04-11 | N/A | 6.1 MEDIUM |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | |||||
| CVE-2023-23859 | 1 Sap | 1 Netweaver Application Server Abap | 2023-04-11 | N/A | 6.1 MEDIUM |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information. | |||||
| CVE-2023-23857 | 1 Sap | 1 Netweaver Application Server For Java | 2023-04-11 | N/A | 8.6 HIGH |
| Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable. | |||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2023-04-11 | N/A | 5.4 MEDIUM |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | |||||
| CVE-2023-23854 | 1 Sap | 1 Netweaver Application Server Abap | 2023-04-11 | N/A | 5.4 MEDIUM |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2023-04-11 | N/A | 6.1 MEDIUM |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | |||||
| CVE-2023-23852 | 1 Sap | 1 Solution Manager | 2023-04-11 | N/A | 6.1 MEDIUM |
| SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2023-04-11 | N/A | 5.4 MEDIUM |
| SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | |||||
| CVE-2023-0025 | 1 Sap | 1 Solution Manager | 2023-04-11 | N/A | 5.4 MEDIUM |
| SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources. | |||||
| CVE-2023-0024 | 1 Sap | 1 Solution Manager | 2023-04-11 | N/A | 5.4 MEDIUM |
| SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability. | |||||
| CVE-2023-27271 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-04-11 | N/A | 7.5 HIGH |
| In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability. | |||||
| CVE-2023-27270 | 1 Sap | 1 Netweaver Application Server Abap | 2023-04-11 | N/A | 6.5 MEDIUM |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information. | |||||
| CVE-2023-26461 | 1 Sap | 1 Netweaver Enterprise Portal | 2023-04-11 | N/A | 4.9 MEDIUM |
| SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges. | |||||
| CVE-2023-26460 | 1 Sap | 1 Netweaver Application Server For Java | 2023-04-11 | N/A | 5.3 MEDIUM |
| Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity | |||||
| CVE-2023-26459 | 1 Sap | 1 Netweaver Application Server Abap | 2023-04-11 | N/A | 7.4 HIGH |
| Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. | |||||
| CVE-2023-26457 | 1 Sap | 1 Content Server | 2023-04-11 | N/A | 6.1 MEDIUM |
| SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data. | |||||
| CVE-2023-27896 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-04-11 | N/A | 7.5 HIGH |
| In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability. | |||||
| CVE-2023-27895 | 1 Sap | 1 Authenticator | 2023-04-11 | N/A | 6.5 MEDIUM |
| SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data. | |||||
| CVE-2023-27894 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-04-11 | N/A | 5.3 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data. | |||||
| CVE-2023-27893 | 1 Sap | 1 Solution Manager | 2023-04-11 | N/A | 8.8 HIGH |
| An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. | |||||