Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-35874 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. | 7.4 |
| 2023-07-11 | CVE-2023-36917 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. | 7.5 |
| 2023-07-11 | CVE-2023-36918 | Unspecified vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information. | 6.1 |
| 2023-07-11 | CVE-2023-36919 | Unspecified vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure. | 5.3 |
| 2023-07-11 | CVE-2023-36921 | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. | 7.2 |
| 2023-07-11 | CVE-2023-36922 | OS Command Injection vulnerability in SAP Netweaver Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. | 8.8 |
| 2023-07-11 | CVE-2023-36924 | Unspecified vulnerability in SAP ERP Defense Forces and Public Security While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. | 4.9 |
| 2023-07-11 | CVE-2023-36925 | Unspecified vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. | 7.2 |
| 2023-06-13 | CVE-2023-2827 | Unspecified vulnerability in SAP Digital Manufacturing and Plant Connectivity SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. low complexity sap | 5.7 |
| 2023-06-13 | CVE-2023-32114 | Unspecified vulnerability in SAP Netweaver SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application. | 2.7 |