Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-41261 | Unspecified vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. | 5.5 |
| 2022-12-12 | CVE-2022-41262 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. | 6.1 |
| 2022-12-12 | CVE-2022-41263 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. | 4.3 |
| 2022-12-12 | CVE-2022-31596 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430 Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. | 6.0 |
| 2022-11-08 | CVE-2022-41203 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3 In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. | 8.8 |
| 2022-11-08 | CVE-2022-41205 | Unspecified vulnerability in SAP GUI 7.70 SAP GUI allows an authenticated attacker to execute scripts in the local network. | 6.1 |
| 2022-11-08 | CVE-2022-41207 | Unspecified vulnerability in SAP Biller Direct 635/750 SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. | 6.1 |
| 2022-11-08 | CVE-2022-41208 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. | 5.4 |
| 2022-11-08 | CVE-2022-41211 | Unspecified vulnerability in SAP products Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
| 2022-11-08 | CVE-2022-41212 | Unspecified vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. | 4.9 |