Filtered by vendor Sap
Subscriptions
Total
1502 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | 7.5 High |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | ||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2024-11-21 | 9.8 Critical |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | ||||
| CVE-2022-27667 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 7.5 High |
| Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | ||||
| CVE-2022-27658 | 1 Sap | 1 Innovation Management | 2024-11-21 | 7.5 High |
| Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-27657 | 1 Sap | 1 Focused Run | 2024-11-21 | 2.7 Low |
| A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0. | ||||
| CVE-2022-27656 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64uc, Webdispatcher | 2024-11-21 | 6.1 Medium |
| The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-27655 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.5 Medium |
| When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-27654 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.5 Medium |
| When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-26109 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.5 Medium |
| When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-26108 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.5 Medium |
| When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-26107 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.5 Medium |
| When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-26106 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.5 Medium |
| When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-26105 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-26104 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | 5.3 Medium |
| SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. | ||||
| CVE-2022-26103 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.3 Medium |
| Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-26102 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.4 Medium |
| Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-26101 | 1 Sap | 1 Fiori Launchpad | 2024-11-21 | 6.1 Medium |
| Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-26100 | 1 Sap | 1 Sapcar | 2024-11-21 | 9.8 Critical |
| SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. | ||||
| CVE-2022-24399 | 1 Sap | 1 Focused Run | 2024-11-21 | 6.1 Medium |
| The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-24398 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | 6.5 Medium |
| Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | ||||