Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35292 | 1 Sap | 1 Business One | 2024-08-03 | 7.8 High |
| In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | ||||
| CVE-2022-35294 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 5.4 Medium |
| An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user. | ||||
| CVE-2022-35293 | 1 Sap | 1 Enable Now Manager | 2024-08-03 | 9.1 Critical |
| Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-35228 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 8.8 High |
| SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. | ||||
| CVE-2022-35226 | 1 Sap | 1 Data Services | 2024-08-03 | 6.1 Medium |
| SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console. | ||||
| CVE-2022-35172 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-03 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-35227 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-03 | 6.1 Medium |
| A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session. | ||||
| CVE-2022-35171 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 5.5 Medium |
| When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below | ||||
| CVE-2022-35225 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-03 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. | ||||
| CVE-2022-35224 | 1 Sap | 1 Enterprise Portal | 2024-08-03 | 6.1 Medium |
| SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session. | ||||
| CVE-2022-35168 | 1 Sap | 1 Business One | 2024-08-03 | 7.5 High |
| Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | ||||
| CVE-2022-35169 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 6.0 Medium |
| SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. | ||||
| CVE-2022-35170 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-08-03 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. | ||||
| CVE-2022-32248 | 1 Sap | 1 S\/4hana | 2024-08-03 | 5.3 Medium |
| Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. | ||||
| CVE-2022-32244 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 5.2 Medium |
| Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application. | ||||
| CVE-2022-32245 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 8.2 High |
| SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. | ||||
| CVE-2022-32246 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-08-03 | 4.6 Medium |
| SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application | ||||
| CVE-2022-32241 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 5.5 Medium |
| When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-32239 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 5.5 Medium |
| When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2022-32243 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 5.5 Medium |
| When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||