Vulnerabilities (CVE)

Filtered by vendor Sap
Total 1426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21476 1 Sap 1 Ui5 2021-04-01 5.8 MEDIUM 6.1 MEDIUM
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
CVE-2021-27593 1 Sap 1 3d Visual Enterprise Viewer 2021-03-26 4.3 MEDIUM 3.3 LOW
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27586 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27587 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27588 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27589 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27592 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27591 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27590 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-27585 1 Sap 1 3d Visual Enterprise Viewer 2021-03-25 6.8 MEDIUM 7.8 HIGH
When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-21493 1 Sap 1 3d Visual Enterprise Viewer 2021-03-19 4.3 MEDIUM 3.3 LOW
When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-21491 1 Sap 1 Netweaver Application Server Java 2021-03-17 5.8 MEDIUM 6.1 MEDIUM
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
CVE-2021-21488 1 Sap 1 Netweaver Knowledge Management 2021-03-17 4.0 MEDIUM 6.5 MEDIUM
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.
CVE-2021-21487 1 Sap 1 Payment Engine 2021-03-16 6.5 MEDIUM 8.8 HIGH
SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2021-21486 1 Sap 1 Enterprise Financial Services 2021-03-16 6.5 MEDIUM 8.8 HIGH
SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2021-21484 1 Sap 1 Hana 2021-03-16 6.8 MEDIUM 9.8 CRITICAL
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
CVE-2021-21481 1 Sap 1 Netweaver 2021-03-16 8.3 HIGH 8.8 HIGH
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.
CVE-2021-27584 1 Sap 1 3d Visual Enterprise Viewer 2021-03-10 4.3 MEDIUM 3.3 LOW
When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2021-21445 1 Sap 1 Commerce Cloud 2021-03-04 3.5 LOW 5.4 MEDIUM
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.
CVE-2021-21447 1 Sap 1 Businessobjects Business Intelligence 2021-03-04 3.5 LOW 5.4 MEDIUM
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.