Vulnerabilities > SAP

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-05-11 | CVE-2022-29616 | Out-of-bounds Write vulnerability in SAP products | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | network, low complexity, sap, CWE-787, 5.0 |
| 2022-05-11 | CVE-2022-27656 | Cross-site Scripting vulnerability in SAP products | The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | network, sap, CWE-79, 4.3 |
| 2022-05-11 | CVE-2022-28214 | Cleartext Storage of Sensitive Information vulnerability in SAP products | During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. | local, low complexity, sap, CWE-312, 4.6 |
| 2022-05-11 | CVE-2022-28774 | Incorrect Authorization vulnerability in SAP Host Agent 7.22 | Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | local, sap, CWE-863, 1.9 |
| 2022-05-11 | CVE-2022-29610 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | network, sap, CWE-79, 3.5 |
| 2022-05-11 | CVE-2022-29611 | Missing Authorization vulnerability in SAP Netweaver Application Server for Abap | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network, low complexity, sap, CWE-862, 6.5 |
| 2022-05-11 | CVE-2022-29613 | Improper Input Validation vulnerability in SAP Employee Self Service 605 | Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. | network, low complexity, sap, CWE-20, 4.0 |
| 2022-04-12 | CVE-2022-22541 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. | network, low complexity, sap, 4.0 |
| 2022-04-12 | CVE-2022-26105 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. | network, sap, CWE-79, 4.3 |
| 2022-04-12 | CVE-2022-26106 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | network, sap, CWE-20, 4.3 |