Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-08 | CVE-2023-37483 | Missing Authentication for Critical Function vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | 9.8 |
| 2023-08-08 | CVE-2023-37484 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. | 5.3 |
| 2023-08-08 | CVE-2023-37486 | Information Exposure Through Caching vulnerability in SAP Commerce Cloud and Commerce Hycom Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. | 7.5 |
| 2023-08-08 | CVE-2023-37487 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Business ONE 10.0 SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | 5.3 |
| 2023-08-08 | CVE-2023-37488 | Cross-site Scripting vulnerability in SAP Netweaver Process Integration 7.50 In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. | 6.1 |
| 2023-08-08 | CVE-2023-37490 | Uncontrolled Search Path Element vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. | 9.0 |
| 2023-08-08 | CVE-2023-37491 | Incorrect Authorization vulnerability in SAP Message Server The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. | 8.8 |
| 2023-08-08 | CVE-2023-37492 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2023-08-08 | CVE-2023-39436 | Missing Authentication for Critical Function vulnerability in SAP Supplier Relationship Management SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. | 5.8 |
| 2023-08-08 | CVE-2023-39437 | Cross-site Scripting vulnerability in SAP Business ONE 10.0 SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. | 5.4 |