Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33702 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-03 | 6.1 Medium |
| Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-33701 | 1 Sap | 3 Dmis, S4core, Sapscore | 2024-08-03 | 9.1 Critical |
| DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. | ||||
| CVE-2021-33686 | 1 Sap | 1 Business One | 2024-08-03 | 5.3 Medium |
| Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. | ||||
| CVE-2021-33698 | 1 Sap | 1 Business One | 2024-08-03 | 8.8 High |
| SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | ||||
| CVE-2021-33696 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site. | ||||
| CVE-2021-33680 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application. | ||||
| CVE-2021-33668 | 1 Sap | 1 Infrabox | 2024-08-03 | 7.5 High |
| Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. | ||||
| CVE-2021-33666 | 1 Sap | 1 Commerce Cloud | 2024-08-03 | 6.1 Medium |
| When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. | ||||
| CVE-2021-33674 | 1 Sap | 1 Contact Center | 2024-08-03 | 6.1 Medium |
| Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser. | ||||
| CVE-2021-33659 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 5.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-33700 | 1 Sap | 1 Business One | 2024-08-03 | 7.8 High |
| SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application. | ||||
| CVE-2021-33707 | 1 Sap | 1 Netweaver Knowledge Management | 2024-08-03 | 6.1 Medium |
| SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity. | ||||
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 6.1 Medium |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | ||||
| CVE-2021-33664 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 5.4 Medium |
| SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-33693 | 1 Sap | 1 Cloud Connector | 2024-08-03 | 6.8 Medium |
| SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution. | ||||
| CVE-2021-33676 | 1 Sap | 1 Customer Relationship Management | 2024-08-03 | 7.2 High |
| A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | ||||
| CVE-2021-33687 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-03 | 4.9 Medium |
| SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information. | ||||
| CVE-2021-33688 | 1 Sap | 1 Business One | 2024-08-03 | 4.3 Medium |
| SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained. | ||||
| CVE-2021-33678 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 6.5 Medium |
| A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable. | ||||
| CVE-2021-33681 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application. | ||||