Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-40622 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted.
network
low complexity
sap
critical
9.9
2023-09-12 CVE-2023-40623 Unspecified vulnerability in SAP Businessobjects 420/430
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files.
network
low complexity
sap
7.1
2023-09-12 CVE-2023-40624 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application.
network
low complexity
sap
5.4
2023-09-12 CVE-2023-40625 Unspecified vulnerability in SAP S4Core
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user.
network
low complexity
sap
5.4
2023-09-12 CVE-2023-37489 Unspecified vulnerability in SAP Businessobjects Business Intelligence 430
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.
network
low complexity
sap
5.3
2023-09-12 CVE-2023-40308 Unspecified vulnerability in SAP products
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable.
network
low complexity
sap
7.5
2023-09-12 CVE-2023-41367 Unspecified vulnerability in SAP Netweaver 7.50
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously.
network
low complexity
sap
5.3
2023-09-12 CVE-2023-41368 Unspecified vulnerability in SAP S/4 Hana
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
network
low complexity
sap
5.3
2023-09-12 CVE-2023-41369 Unspecified vulnerability in SAP S/4 Hana
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.
network
low complexity
sap
4.3
2023-09-12 CVE-2023-42472 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network.
network
low complexity
sap
7.3