Filtered by vendor Sap Subscriptions
Total 1497 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-35225 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.
CVE-2022-35224 1 Sap 1 Enterprise Portal 2024-11-21 6.1 Medium
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session.
CVE-2022-35172 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-35171 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below
CVE-2022-35170 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.
CVE-2022-35169 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 6.0 Medium
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.
CVE-2022-35168 1 Sap 1 Business One 2024-11-21 7.5 High
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.
CVE-2022-32249 1 Sap 1 Business One 2024-11-21 7.5 High
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
CVE-2022-32248 1 Sap 1 S\/4hana 2024-11-21 5.3 Medium
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.
CVE-2022-32247 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-32246 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 4.6 Medium
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
CVE-2022-32245 1 Sap 1 Businessobjects Business Intelligence 2024-11-21 8.2 High
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application.
CVE-2022-32244 1 Sap 1 Businessobjects Business Intelligence 2024-11-21 5.2 Medium
Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.
CVE-2022-32243 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32242 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32241 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32240 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32239 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32238 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32237 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 5.5 Medium
When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.