Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-01-12 CVE-2021-21471 Unspecified vulnerability in SAP Cla-Assistant
In CLA-Assistant versions before 2.8.5, improper access control allows an authenticated user to access API endpoints that are not intended to be used by that user.
network
low complexity
sap
4.0
2021-01-12 CVE-2021-21470 XXE vulnerability in SAP Enterprise Performance Management 1010/2.8
SAP EPM Add-in for Microsoft Office, version 1010, and SAP EPM Add-in for SAP Analysis Office, version 2.8, allow an authenticated attacker with user privileges to parse malicious XML files, which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files.
local
low complexity
sap CWE-611
3.6
2021-01-12 CVE-2021-21469 Information Exposure vulnerability in SAP Netweaver Master Data Management 7.10/7.10.750/710
When security guidelines for SAP NetWeaver Master Data Management, versions 7.10, 710, and 710.750, running on Windows have not been thoroughly reviewed, it might be possible for an external operator to try to set custom paths in the MDS server configuration.
network
low complexity
sap CWE-200
5.0
2021-01-12 CVE-2021-21468 Missing Authorization vulnerability in SAP Business Warehouse
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to read out practically any database table.
network
low complexity
sap CWE-862
4.0
2021-01-12 CVE-2021-21467 Missing Authorization vulnerability in SAP Banking Services 400/450/500
SAP Banking Services (Generic Market Data) 400, 450, and 500 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
4.0
2021-01-12 CVE-2021-21466 Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782, and SAP BW/4HANA, versions 100, 200, allow a low-privileged attacker to inject code using a remote-enabled function module over the network.
network
low complexity
sap CWE-94
6.5
2021-01-12 CVE-2021-21465 SQL Injection vulnerability in SAP Business Warehouse
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database.
network
low complexity
sap CWE-89
6.5
2021-01-12 CVE-2021-21464 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated PCX file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by improper input validation.
network
sap
4.3
2021-01-12 CVE-2021-21463 Out-Of-Bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated PCX file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by improper input validation.
network
sap CWE-125
6.8
2021-01-12 CVE-2021-21462 Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated PCX file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by improper input validation.
network
sap CWE-787
6.8