Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27595 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 3.3 Low |
| When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27613 | 1 Sap | 1 Chef Business-one-cookbook | 2024-08-03 | 7.8 High |
| Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability. | ||||
| CVE-2021-27610 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-08-03 | 9.8 Critical |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | ||||
| CVE-2021-27591 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-27597 | 1 Sap | 1 Netweaver Abap | 2024-08-03 | 7.5 High |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | ||||
| CVE-2021-27586 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 7.8 High |
| When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-21486 | 1 Sap | 1 Enterprise Financial Services | 2024-08-03 | 8.8 High |
| SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2021-21490 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 6.1 Medium |
| SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user. | ||||
| CVE-2021-21493 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 3.3 Low |
| When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-21461 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 8.8 High |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-21462 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 8.8 High |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-21473 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 6.3 Medium |
| SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. | ||||
| CVE-2021-21492 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-03 | 4.3 Medium |
| SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. | ||||
| CVE-2021-21476 | 1 Sap | 1 Ui5 | 2024-08-03 | 6.1 Medium |
| SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | ||||
| CVE-2021-21479 | 1 Sap | 1 Scimono | 2024-08-03 | 9.1 Critical |
| In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | ||||
| CVE-2021-21457 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 8.8 High |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-21459 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 8.8 High |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-21482 | 1 Sap | 1 Netweaver Master Data Management | 2024-08-03 | 8.3 High |
| SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed. | ||||
| CVE-2021-21478 | 1 Sap | 1 Web Dynpro Abap | 2024-08-03 | 6.1 Medium |
| SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | ||||
| CVE-2021-21491 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-03 | 6.1 Medium |
| SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | ||||