Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-28761 Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.
network
low complexity
sap
6.5
2023-04-11 CVE-2023-28763 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
network
low complexity
sap
6.5
2023-04-11 CVE-2023-28765 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to the lcmbiar file and further decrypt it.
network
low complexity
sap
critical
9.8
2023-04-11 CVE-2023-29108 Unspecified vulnerability in SAP Abap Platform Kernel and web Dispatcher
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable due to erroneous IP netmask handling.
network
low complexity
sap
5.3
2023-04-11 CVE-2023-29109 Unspecified vulnerability in SAP products
The SAP Application Interface Framework (Message Dashboard) application - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, allows an Excel formula injection.
network
low complexity
sap
4.6
2023-03-14 CVE-2023-27271 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
network
low complexity
sap
7.5
2023-03-14 CVE-2023-27498 Unspecified vulnerability in SAP Host Agent 7.22
SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error.
network
low complexity
sap
7.2
2023-03-14 CVE-2023-27500 Path Traversal vulnerability in SAP Netweaver Application Server Abap
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to overwrite system files.
network
low complexity
sap CWE-22
8.1
2023-03-14 CVE-2023-27501 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files.
network
low complexity
sap
critical
9.6
2023-03-14 CVE-2023-27893 Unspecified vulnerability in SAP Solution Manager 740
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.
network
low complexity
sap
8.8