Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-33667 Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430
Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.
network
low complexity
sap
4.0
2021-07-14 CVE-2021-33670 Unspecified vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
network
low complexity
sap
5.0
2021-07-14 CVE-2021-33671 Missing Authorization vulnerability in SAP Netweaver Guided Procedures
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2021-07-14 CVE-2021-33676 Missing Authorization vulnerability in SAP Customer Relationship Management
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
network
low complexity
sap CWE-862
6.5
2021-07-14 CVE-2021-33677 Exposure of Resource TO Wrong Sphere vulnerability in SAP Netweaver Abap and Netweaver AS Abap
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.
network
low complexity
sap CWE-668
5.0
2021-07-14 CVE-2021-33678 Code Injection vulnerability in SAP Netweaver AS Abap
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
7.5
2021-07-14 CVE-2021-33680 Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
network
sap CWE-120
4.3
2021-07-14 CVE-2021-33681 Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
network
sap CWE-787
4.3
2021-07-14 CVE-2021-33682 Cross-Site Scripting vulnerability in SAP Lumira Server 2.4
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2021-07-14 CVE-2021-33683 Http Request Smuggling vulnerability in SAP web Dispatcher and Internet Communication Manager
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header.
network
low complexity
sap CWE-444
4.0