Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-33986 Unspecified vulnerability in SAP Customer Relationship Management Abap 430
SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2023-06-13 CVE-2023-33991 Unspecified vulnerability in SAP UI
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability.
network
low complexity
sap
8.2
2023-05-09 CVE-2023-30740 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap
7.6
2023-05-09 CVE-2023-30741 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link.
network
low complexity
sap
6.1
2023-05-09 CVE-2023-30742 Unspecified vulnerability in SAP products
SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session.
network
low complexity
sap
6.1
2023-05-09 CVE-2023-30743 Unspecified vulnerability in SAP Sapui5
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS.
network
low complexity
sap
6.1
2023-05-09 CVE-2023-30744 Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.
network
low complexity
sap
critical
9.1
2023-05-09 CVE-2023-31404 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-200
5.0
2023-05-09 CVE-2023-31406 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link.
network
low complexity
sap
6.1
2023-05-09 CVE-2023-31407 Unspecified vulnerability in SAP Business Planning and Consolidation 740/750
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap
5.4