Filtered by vendor Sap
Total 1493 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-32247 1 Sap 1 Netweaver Enterprise Portal 2024-08-03 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-32236 1 Sap 1 3d Visual Enterprise Viewer 2024-08-03 5.5 Medium
When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32238 1 Sap 1 3d Visual Enterprise Viewer 2024-08-03 5.5 Medium
When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32235 1 Sap 1 3d Visual Enterprise Viewer 2024-08-03 5.5 Medium
When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32237 1 Sap 1 3d Visual Enterprise Viewer 2024-08-03 5.5 Medium
When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32240 1 Sap 1 3d Visual Enterprise Viewer 2024-08-03 5.5 Medium
When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32242 1 Sap 1 3d Visual Enterprise Viewer 2024-08-03 5.5 Medium
When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32249 1 Sap 1 Business One 2024-08-03 7.5 High
Under special integration scenario of SAP Business One and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials).
CVE-2022-31598 1 Sap 1 Business Objects Business Intelligence Platform 2024-08-03 5.4 Medium
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-31597 1 Sap 2 S/4hana, Sapscore 2024-08-03 5.4 Medium
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
CVE-2022-31596 1 Sap 1 Business Objects Business Intelligence Platform 2024-08-03 6.0 Medium
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.
CVE-2022-31594 1 Sap 1 Adaptive Server Enterprise 2024-08-03 6.7 Medium
A highly privileged user can exploit a SUID-root program to escalate his privileges to root on a local Unix system.
CVE-2022-31595 1 Sap 1 Adaptive Server Enterprise 2024-08-03 8.8 High
SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2022-31593 1 Sap 1 Business One 2024-08-03 8.8 High
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2022-31592 1 Sap 1 Enterprise Extension Defense Forces & Public Security 2024-08-03 4.3 Medium
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
CVE-2022-31589 1 Sap 3 Erp Financial Accounting, Erp Localization For Cee Countries, S/4hana 2024-08-03 6.5 Medium
Due to an improper authorization check, business users who use the Israeli File from SHAAM program (/ATL/VQ23 transaction) are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted.
CVE-2022-31591 1 Sap 1 Businessobjects Bw Publisher Service 2024-08-03 7.8 High
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.
CVE-2022-31590 1 Sap 1 Powerdesigner Proxy 2024-08-03 7.8 High
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and local access, who is able to work around the system’s root disk access restrictions, to write or create a program file on the system disk root path, which could then be executed with the elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
CVE-2022-29612 1 Sap 2 Host Agent, Netweaver Abap 2024-08-03 4.3 Medium
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
CVE-2022-29616 1 Sap 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc 2024-08-03 7.5 High
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.