Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-37490 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process.
low complexity
sap
critical
9.0
2023-08-08 CVE-2023-37491 Unspecified vulnerability in SAP Message Server
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server.
network
low complexity
sap
8.8
2023-08-08 CVE-2023-37492 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2023-08-08 CVE-2023-39436 Unspecified vulnerability in SAP Supplier Relationship Management
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.
network
low complexity
sap
5.8
2023-08-08 CVE-2023-39437 Unspecified vulnerability in SAP Business ONE 10.0
SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting.
network
low complexity
sap
5.4
2023-08-08 CVE-2023-39439 Unspecified vulnerability in SAP Commerce Cloud and Commerce Hycom
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
network
low complexity
sap
critical
9.8
2023-08-08 CVE-2023-39440 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420
In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials.
local
high complexity
sap
4.4
2023-07-11 CVE-2023-31405 Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction.
network
low complexity
sap
5.3
2023-07-11 CVE-2023-33987 Unspecified vulnerability in SAP web Dispatcher
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages.
network
low complexity
sap
critical
9.4
2023-07-11 CVE-2023-33988 Unspecified vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.
network
low complexity
sap
6.1