Vulnerabilities > SAP

DATE | CVE | VULNERABILITY TITLE | RISK

2023-01-10 CVE-2023-0014 Authentication Bypass by Capture-replay vulnerability in SAP products
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format.
network | low complexity | sap CWE-294 | critical | 9.8

2023-01-10 CVE-2023-0015 Cross-site Scripting vulnerability in SAP BusinessObjects Business Intelligence Platform 420
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return JSON with wrong content type in the header of the response.
network | low complexity | sap CWE-79 | 5.4

2023-01-10 CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation 800/810
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.
network | low complexity | sap CWE-89 | 8.8

2023-01-10 CVE-2023-0017 Improper Access Control vulnerability in SAP NetWeaver Application Server for Java 7.50
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system.
network | low complexity | sap CWE-284 | critical | 9.8

2023-01-10 CVE-2023-0018 Cross-site Scripting vulnerability in SAP BusinessObjects Business Intelligence Platform 420/430
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload.
network | low complexity | sap CWE-79 | 6.1

2023-01-10 CVE-2023-0022 Code Injection vulnerability in SAP BusinessObjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network.
network | low complexity | sap CWE-94 | 8.8

2023-01-10 CVE-2023-0023 Information Exposure vulnerability in SAP Bank Account Management 800/900
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL.
network | low complexity | sap CWE-200 | 5.7

2023-01-10 CVE-2023-0012 Improper Access Control vulnerability in SAP Host Agent 7.21/7.22
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account.
local | low complexity | sap CWE-284 | 6.7

2023-01-10 CVE-2023-0013 Cross-site Scripting vulnerability in SAP NetWeaver Application Server ABAP
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network | low complexity | sap CWE-79 | 6.1

2022-12-13 CVE-2022-41272 Missing Authorization vulnerability in SAP NetWeaver Process Integration 7.50
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system.
network | low complexity | sap CWE-862 | 8.6