Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-33989 Unspecified vulnerability in SAP NetWeaver BI Content
An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to overwrite system files.
network
low complexity
sap
8.1
2023-07-11 CVE-2023-33990 Unspecified vulnerability in SAP SQL Anywhere 17.0
SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service.
local
low complexity
sap
7.1
2023-07-11 CVE-2023-33992 Unspecified vulnerability in SAP Business Warehouse and BW/4HANA
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response.
network
low complexity
sap
6.5
2023-07-11 CVE-2023-35870 Unspecified vulnerability in SAP S4Core
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource.
network
low complexity
sap
7.3
2023-07-11 CVE-2023-35871 Unspecified vulnerability in SAP Web Dispatcher
The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management. This may lead to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.
network
low complexity
sap
critical
9.4
2023-07-11 CVE-2023-35872 Unspecified vulnerability in SAP NetWeaver Process Integration 7.50
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap
6.5
2023-07-11 CVE-2023-35873 Missing Authentication for Critical Function vulnerability in SAP NetWeaver Process Integration 7.50
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap CWE-306
6.5
2023-07-11 CVE-2023-35874 Unspecified vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity.
network
low complexity
sap
7.4
2023-07-11 CVE-2023-36917 Unspecified vulnerability in SAP BusinessObjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who has hijacked a user session to bypass the victim’s old password via brute force, because the password change functionality has no rate limit.
network
low complexity
sap
7.5
2023-07-11 CVE-2023-36918 Unspecified vulnerability in SAP Enable Now
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
network
low complexity
sap
6.1