Skip to main content

SAP

1669 CVEs vendor

Monthly

CVE-2023-0018 MEDIUM This Month

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0017 CRITICAL Act Now

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
9.8
EPSS
15.7%
CVE-2023-0016 HIGH This Week

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SQLi Business Planning And Consolidation
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0015 MEDIUM This Month

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0014 CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap Netweaver Application Server Abap Kernel Netweaver Application Server Abap Krnl64Nuc +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0013 MEDIUM This Month

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0012 MEDIUM This Month

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass Host Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-41275 MEDIUM This Month

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41274 MEDIUM This Month

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Disclosure Management
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41273 MEDIUM This Month

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Contract Lifecycle Manager Sourcing
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41272 HIGH This Week

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Netweaver Process Integration
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-41271 CRITICAL Act Now

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Denial Of Service Netweaver Process Integration
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2022-41268 HIGH This Week

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP Privilege Escalation Business Planning And Consolidation
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41267 HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41266 MEDIUM This Month

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Commerce Webservices 2 0
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41264 HIGH This Week

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Basis
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41263 MEDIUM This Month

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF Authentication Bypass Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-41262 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java XSS Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41261 MEDIUM This Month

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Microsoft Solution Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31596 MEDIUM This Month

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) -. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2022-41260 MEDIUM This Month

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41259 MEDIUM This Month

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SQLi Sql Anywhere
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41258 MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-41215 MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-41214 HIGH This Week

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2022-41212 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-41211 HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP RCE Buffer Overflow 3D Visual Enterprise Author 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41208 MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41207 MEDIUM This Month

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Biller Direct
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41205 MEDIUM This Month

SAP GUI allows an authenticated attacker to execute scripts in the local network. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

SAP RCE Code Injection Gui
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-41203 HIGH This Week

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Deserialization Businessobjects Business Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41210 MEDIUM This Month

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Customer Data Cloud
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2022-41209 MEDIUM This Month

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Customer Data Cloud
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2022-41206 MEDIUM This Month

SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41204 HIGH This Week

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Commerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41202 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41201 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41200 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41199 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41198 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41197 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41196 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41195 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41194 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41193 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41192 HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41191 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41190 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41189 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41188 HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41187 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41186 HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41185 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41184 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41183 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41182 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41181 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41180 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41179 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41178 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41177 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41176 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41175 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41174 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41173 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41172 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41171 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41170 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41169 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41168 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41167 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41166 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39808 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39807 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39806 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39805 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39804 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39803 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39802 HIGH This Week

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal SAP Manufacturing Execution
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2022-39800 MEDIUM This Month

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35299 CRITICAL Act Now

SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Stack Overflow Buffer Overflow Sap Iq Sql Anywhere
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-35297 MEDIUM This Month

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35296 MEDIUM This Month

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-35226 MEDIUM This Month

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Data Services
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39801 HIGH This Week

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass SAP Access Control
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39799 MEDIUM This Month

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39014 MEDIUM This Month

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-35298 MEDIUM This Month

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35295 MEDIUM POC This Month

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Privilege Escalation Host Agent
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-35294 MEDIUM This Month

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.4%
EPSS 1% CVSS 6.1
MEDIUM This Month

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Business Intelligence Platform
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SQLi Business Planning And Consolidation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Contract Lifecycle Manager +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Netweaver Process Integration
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP Privilege Escalation Business Planning And Consolidation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Commerce Webservices 2 0
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF Authentication Bypass +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java XSS +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass +2
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) -. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SQLi Sql Anywhere
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Biller Direct
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP GUI allows an authenticated attacker to execute scripts in the local network. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

SAP RCE Code Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Deserialization Businessobjects Business Intelligence
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP +1
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Commerce
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE SAP +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD
EPSS 6% CVSS 7.5
HIGH This Week

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal SAP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Data Services
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass SAP Access Control
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Privilege Escalation Host Agent
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP +1
NVD
Prev Page 7 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy