Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-31596 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB), version 430, can access the BOE Monitoring database to retrieve and modify (non-personal) system data that would otherwise be restricted.
network
low complexity
sap
6.0
2022-11-08 CVE-2022-41203 Unspecified vulnerability in SAP BusinessObjects Business Intelligence 4.2/4.3
In some workflows of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute it with another, malicious serialized object, which leads to a deserialization of untrusted data vulnerability.
network
low complexity
sap
8.8
2022-11-08 CVE-2022-41205 Unspecified vulnerability in SAP GUI 7.70
SAP GUI allows an authenticated attacker to execute scripts in the local network.
local
low complexity
sap
6.1
2022-11-08 CVE-2022-41207 Unspecified vulnerability in SAP Biller Direct 635/750
SAP Biller Direct allows an unauthenticated attacker to craft a legitimate-looking URL.
network
low complexity
sap
6.1
2022-11-08 CVE-2022-41208 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation, version 1010, allows an authenticated attacker with user privileges to alter the current user session.
network
low complexity
sap CWE-79
5.4
2022-11-08 CVE-2022-41211 Unspecified vulnerability in SAP products
Due to a lack of proper memory management, when a victim opens a manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, arbitrary code execution can be triggered when the payload forces re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-11-08 CVE-2022-41212 Unspecified vulnerability in SAP NetWeaver Application Server ABAP
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allow an attacker with high-level privileges to use a remote-enabled function to read a file which is otherwise restricted.
network
low complexity
sap
4.9
2022-11-08 CVE-2022-41214 Unspecified vulnerability in SAP NetWeaver Application Server ABAP
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allow an attacker with high-level privileges to use a remote-enabled function to delete a file which is otherwise restricted.
network
low complexity
sap
8.7
2022-11-08 CVE-2022-41215 Unspecified vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver ABAP Server and ABAP Platform allow an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
4.7
2022-11-08 CVE-2022-41258 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation, version 1010, allows an authenticated attacker to inject a malicious script when running a common query in the Web Administration Console.
network
low complexity
sap CWE-79
6.5