Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39804 | 1 Sap | 1 3d Visual Enterprise Author | 2024-08-03 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-39808 | 1 Sap | 1 3d Visual Enterprise Author | 2024-08-03 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-39806 | 1 Sap | 1 3d Visual Enterprise Author | 2024-08-03 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-39805 | 1 Sap | 1 3d Visual Enterprise Author | 2024-08-03 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-39803 | 1 Sap | 1 3d Visual Enterprise Author | 2024-08-03 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-39802 | 1 Sap | 1 Manufacturing Execution | 2024-08-03 | 7.5 High |
| SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. | ||||
| CVE-2022-39807 | 1 Sap | 1 3d Visual Enterprise Author | 2024-08-03 | 5.5 Medium |
| Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-39800 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 6.1 Medium |
| SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-39799 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 6.1 Medium |
| An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user. | ||||
| CVE-2022-39801 | 1 Sap | 1 Access Control | 2024-08-03 | 7.5 High |
| SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application. | ||||
| CVE-2022-39015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-08-03 | 6.5 Medium |
| Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2022-39013 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-08-03 | 7.6 High |
| Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. | ||||
| CVE-2022-39014 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 5.3 Medium |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | ||||
| CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2024-08-03 | 9.8 Critical |
| SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | ||||
| CVE-2022-35295 | 1 Sap | 1 Host Agent | 2024-08-03 | 4.9 Medium |
| In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | ||||
| CVE-2022-35298 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-03 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session. | ||||
| CVE-2022-35296 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 4.9 Medium |
| Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | ||||
| CVE-2022-35290 | 1 Sap | 1 Authenticator | 2024-08-03 | 7.5 High |
| Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2022-35291 | 1 Sap | 1 Successfactors Mobile | 2024-08-03 | 8.1 High |
| Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application | ||||
| CVE-2022-35297 | 1 Sap | 1 Enable Now | 2024-08-03 | 5.4 Medium |
| The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | ||||