Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27598 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-03 | 5.3 Medium |
| SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. | ||||
| CVE-2021-27605 | 1 Sap | 1 Fiori Apps 2.0 For Travel Management In Sap Erp | 2024-08-03 | 4.3 Medium |
| SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted. | ||||
| CVE-2021-27633 | 1 Sap | 1 Netweaver Abap | 2024-08-03 | 7.5 High |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | ||||
| CVE-2021-27619 | 1 Sap | 1 Commerce | 2024-08-03 | 6.5 Medium |
| SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure. | ||||
| CVE-2021-27615 | 1 Sap | 1 Manufacturing Execution | 2024-08-03 | 5.4 Medium |
| SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2021-27609 | 1 Sap | 1 Focused Run | 2024-08-03 | 6.5 Medium |
| SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization. | ||||
| CVE-2021-27603 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 6.5 Medium |
| An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system. | ||||
| CVE-2021-27606 | 1 Sap | 1 Netweaver As Abap | 2024-08-03 | 7.5 High |
| SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | ||||
| CVE-2021-27596 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 3.3 Low |
| When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27611 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 6.7 Medium |
| SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. | ||||
| CVE-2021-27588 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27590 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27585 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27604 | 1 Sap | 1 Netweaver Process Integration | 2024-08-03 | 6.5 Medium |
| In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. | ||||
| CVE-2021-27599 | 1 Sap | 1 Netweaver Process Integration | 2024-08-03 | 6.5 Medium |
| SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. | ||||
| CVE-2021-27589 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27587 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27592 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27608 | 1 Sap | 1 Setup | 2024-08-03 | 7.5 High |
| An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability. | ||||
| CVE-2021-27607 | 1 Sap | 1 Netweaver As Abap | 2024-08-03 | 7.5 High |
| SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | ||||