Filtered by vendor Sap
Subscribe
Total
1426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2022-05-19 | 4.6 MEDIUM | 7.8 HIGH |
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | |||||
CVE-2021-33670 | 1 Sap | 1 Netweaver Application Server Java | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | |||||
CVE-2021-33687 | 1 Sap | 1 Netweaver Application Server Java | 2022-05-03 | 4.0 MEDIUM | 4.9 MEDIUM |
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information. | |||||
CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | |||||
CVE-2021-21464 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
CVE-2021-42063 | 1 Sap | 1 Knowledge Warehouse | 2022-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. | |||||
CVE-2016-9563 | 1 Sap | 1 Netweaver Application Server Java | 2022-04-29 | 4.0 MEDIUM | 6.5 MEDIUM |
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. | |||||
CVE-2016-3976 | 1 Sap | 1 Netweaver Application Server Java | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | |||||
CVE-2020-6234 | 1 Sap | 1 Host Agent | 2022-04-29 | 6.5 MEDIUM | 7.2 HIGH |
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. | |||||
CVE-2020-6287 | 1 Sap | 1 Netweaver Application Server Java | 2022-04-28 | 10.0 HIGH | 10.0 CRITICAL |
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. | |||||
CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-04-25 | 5.8 MEDIUM | 6.1 MEDIUM |
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
CVE-2022-27667 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-04-20 | 4.3 MEDIUM | 7.5 HIGH |
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
CVE-2022-27670 | 1 Sap | 1 Sql Anywhere | 2022-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. | |||||
CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | |||||
CVE-2022-27655 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-27654 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-27671 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. | |||||
CVE-2022-28216 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. | |||||
CVE-2022-28772 | 1 Sap | 2 Netweaver, Web Dispatcher | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. | |||||
CVE-2022-28770 | 1 Sap | 1 Sapui5 Library | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. |