Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6333 1 Sap 1 3d Visual Enterprise Viewer 2021-12-02 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6332 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6331 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6330 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6328 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6329 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6327 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6322 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6321 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 6.5 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6314 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2021-40503 1 Sap 1 Gui For Windows 2021-11-29 2.1 LOW 7.8 HIGH
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
CVE-2021-40502 1 Sap 1 Commerce 2021-11-28 6.5 MEDIUM 8.8 HIGH
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.
CVE-2021-41251 1 Sap 1 Cloud Sdk 2021-11-15 2.6 LOW 5.9 MEDIUM
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).
CVE-2021-42062 1 Sap 1 Erp Human Capital Management 2021-11-15 4.0 MEDIUM 4.3 MEDIUM
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
CVE-2021-40501 1 Sap 1 Abap Platform Kernel 2021-11-12 5.5 MEDIUM 8.1 HIGH
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.
CVE-2021-27635 1 Sap 1 Netweaver Application Server For Java 2021-11-04 5.5 MEDIUM 6.5 MEDIUM
SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.
CVE-2021-38183 1 Sap 1 Netweaver 2021-10-19 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.
CVE-2021-40497 1 Sap 1 Businessobjects Analysis 2021-10-18 5.0 MEDIUM 5.3 MEDIUM
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.
CVE-2021-40498 1 Sap 1 Successfactors Mobile 2021-10-18 2.1 LOW 5.5 MEDIUM
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks.
CVE-2021-40499 1 Sap 1 Netweaver Application Server Abap 2021-10-18 7.5 HIGH 9.8 CRITICAL
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.