Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-41274 Unspecified vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data.
network
low complexity
sap
6.5
2022-12-13 CVE-2022-41275 Open Redirect vulnerability in SAP Solution Manager 740/750
In SAP Solution Manager (Enterprise Search) - versions 740 and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, redirects the user to a malicious page that could read or modify sensitive information or expose the user to a phishing attack, with little impact on confidentiality and integrity.
network
low complexity
sap CWE-601
6.1
2022-12-13 CVE-2022-41264 Unspecified vulnerability in SAP Basis
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker.
network
low complexity
sap
8.8
2022-12-13 CVE-2022-41266 Unspecified vulnerability in SAP Commerce Webservices 2.0
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack.
network
low complexity
sap
6.1
2022-12-13 CVE-2022-41267 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Objects Platform - versions 420 and 430, allows an attacker with normal BI user privileges to upload/replace any file on the Business Objects server at the operating system level, enabling the attacker to take full control of the system, causing a high impact on confidentiality, integrity, and availability of the application.
network
low complexity
sap CWE-434
8.8
2022-12-13 CVE-2022-41268 Unspecified vulnerability in SAP Business Planning and Consolidation
In some SAP standard roles in SAP Business Planning and Consolidation - versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used.
network
high complexity
sap
7.5
2022-12-13 CVE-2022-41271 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50.
network
low complexity
sap CWE-862
critical
9.4
2022-12-12 CVE-2022-41261 Unspecified vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on a Windows system to access a file containing sensitive data, which can be used to access a configuration file that contains credentials for accessing other system files.
local
low complexity
sap
5.5
2022-12-12 CVE-2022-41262 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.
network
low complexity
sap
6.1
2022-12-12 CVE-2022-41263 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.
network
low complexity
sap
4.3