Filtered by vendor Sap Subscriptions
Total 1497 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-27655 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27654 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26109 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26108 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26107 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26106 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26105 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-26104 1 Sap 1 Financial Consolidation 2024-11-21 5.3 Medium
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
CVE-2022-26103 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.3 Medium
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-26102 1 Sap 1 Netweaver Application Server Abap 2024-11-21 5.4 Medium
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
CVE-2022-26101 1 Sap 1 Fiori Launchpad 2024-11-21 6.1 Medium
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2022-26100 1 Sap 1 Sapcar 2024-11-21 9.8 Critical
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.
CVE-2022-24399 1 Sap 1 Focused Run 2024-11-21 6.1 Medium
The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2022-24398 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 6.5 Medium
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
CVE-2022-24397 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.
CVE-2022-24396 1 Sap 1 Simple Diagnostics Agent 2024-11-21 7.8 High
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.
CVE-2022-24395 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-22547 1 Sap 1 Simple Diagnostics Agent 2024-11-21 7.5 High
Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.
CVE-2022-22546 1 Sap 1 Businessobjects Web Intelligence 2024-11-21 5.4 Medium
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.
CVE-2022-22545 1 Sap 1 Netweaver Abap 2024-11-21 4.9 Medium
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.