Filtered by vendor Sap
Subscriptions
Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29619 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 6.5 Medium |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | ||||
| CVE-2022-29611 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 8.8 High |
| SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2022-29615 | 1 Sap | 1 Netweaver Developer Studio | 2024-08-03 | 3.4 Low |
| SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. | ||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-08-03 | 5.0 Medium |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | ||||
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-03 | 5.4 Medium |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | ||||
| CVE-2022-29618 | 1 Sap | 1 Netweaver Development Infrastructure | 2024-08-03 | 6.1 Medium |
| Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-29617 | 1 Sap | 1 Contributor License Agreement Assistant | 2024-08-03 | 6.5 Medium |
| Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | ||||
| CVE-2022-29613 | 1 Sap | 1 Employee Self Service | 2024-08-03 | 4.3 Medium |
| Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | ||||
| CVE-2022-28771 | 1 Sap | 1 Business One License Service Api | 2024-08-03 | 7.5 High |
| Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible. | ||||
| CVE-2022-28774 | 1 Sap | 1 Host Agent | 2024-08-03 | 5.5 Medium |
| Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | ||||
| CVE-2022-28773 | 1 Sap | 2 Netweaver, Web Dispatcher | 2024-08-03 | 7.5 High |
| Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | ||||
| CVE-2022-28770 | 1 Sap | 1 Sapui5 Library | 2024-08-03 | 6.1 Medium |
| Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-28772 | 1 Sap | 2 Netweaver, Web Dispatcher | 2024-08-03 | 7.5 High |
| By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. | ||||
| CVE-2022-28216 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 6.1 Medium |
| SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. | ||||
| CVE-2022-28213 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-03 | 8.1 High |
| When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. | ||||
| CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2024-08-03 | 7.8 High |
| During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | ||||
| CVE-2022-28215 | 1 Sap | 1 Netweaver Abap | 2024-08-03 | 4.7 Medium |
| SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | ||||
| CVE-2022-28217 | 1 Sap | 1 Netweaver | 2024-08-03 | 6.5 Medium |
| Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash. | ||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2024-08-03 | 9.8 Critical |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | ||||
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2024-08-03 | 7.5 High |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | ||||