Filtered by vendor Sap
Subscribe
Total
1426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21476 | 1 Sap | 1 Ui5 | 2021-04-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2021-27593 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-26 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27586 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27587 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27588 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27589 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27592 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27591 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27590 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27585 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-21493 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-19 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-21491 | 1 Sap | 1 Netweaver Application Server Java | 2021-03-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2021-21488 | 1 Sap | 1 Netweaver Knowledge Management | 2021-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. | |||||
| CVE-2021-21487 | 1 Sap | 1 Payment Engine | 2021-03-16 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2021-21486 | 1 Sap | 1 Enterprise Financial Services | 2021-03-16 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2021-21484 | 1 Sap | 1 Hana | 2021-03-16 | 6.8 MEDIUM | 9.8 CRITICAL |
| LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. | |||||
| CVE-2021-21481 | 1 Sap | 1 Netweaver | 2021-03-16 | 8.3 HIGH | 8.8 HIGH |
| The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. | |||||
| CVE-2021-27584 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-10 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-21445 | 1 Sap | 1 Commerce Cloud | 2021-03-04 | 3.5 LOW | 5.4 MEDIUM |
| SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking. | |||||
| CVE-2021-21447 | 1 Sap | 1 Businessobjects Business Intelligence | 2021-03-04 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting. | |||||