Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-11 | CVE-2023-26458 | Exposure of Resource to Wrong Sphere vulnerability in SAP Landscape Management 3.0. An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. | 8.7 |
2023-04-11 | CVE-2023-27267 | Missing Authentication for Critical Function vulnerability in SAP Diagnostics Agent 720. Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. | 8.1 |
2023-04-11 | CVE-2023-27497 | Missing Authentication for Critical Function vulnerability in SAP Diagnostics Agent 720. Due to missing authentication and input sanitization of code, the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. | 9.8 |
2023-04-11 | CVE-2023-27499 | Cross-site Scripting vulnerability in SAP NetWeaver and NetWeaver Application Server ABAP. SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-04-11 | CVE-2023-27897 | Code Injection vulnerability in SAP Customer Relationship Management. In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. | 6.3 |
2023-04-11 | CVE-2023-28761 | Missing Authentication for Critical Function vulnerability in SAP NetWeaver Enterprise Portal 7.50. In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity. | 6.5 |
2023-04-11 | CVE-2023-28763 | Unspecified vulnerability in SAP NetWeaver Application Server ABAP. SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. | 6.5 |
2023-04-11 | CVE-2023-28765 | Unspecified vulnerability in SAP BusinessObjects Business Intelligence 420/430. An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. | 9.8 |
2023-04-11 | CVE-2023-29108 | Unspecified vulnerability in SAP ABAP Platform Kernel and Web Dispatcher. The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. | 5.3 |
2023-04-11 | CVE-2023-29109 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP products. The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. | 4.6 |