Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-12 | CVE-2022-31596 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430. Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access the BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. | 6.0 |
2022-11-08 | CVE-2022-41203 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3. In some workflows of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute it with another, malicious serialized object, which leads to a deserialization of untrusted data vulnerability. | 8.8 |
2022-11-08 | CVE-2022-41205 | Unspecified vulnerability in SAP GUI 7.70. SAP GUI allows an authenticated attacker to execute scripts in the local network. | 6.1 |
2022-11-08 | CVE-2022-41207 | Unspecified vulnerability in SAP Biller Direct 635/750. SAP Biller Direct allows an unauthenticated attacker to craft a legitimate-looking URL. | 6.1 |
2022-11-08 | CVE-2022-41208 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010. Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter the current user session. | 5.4 |
2022-11-08 | CVE-2022-41211 | Unspecified vulnerability in SAP products. Due to lack of proper memory management, when a victim opens a manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, arbitrary code execution can be triggered when the payload forces re-use of a dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-11-08 | CVE-2022-41212 | Unspecified vulnerability in SAP Netweaver Application Server Abap. Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high-level privileges to use a remote-enabled function to read a file which is otherwise restricted. | 4.9 |
2022-11-08 | CVE-2022-41214 | Unspecified vulnerability in SAP Netweaver Application Server Abap. Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high-level privileges to use a remote-enabled function to delete a file which is otherwise restricted. | 8.7 |
2022-11-08 | CVE-2022-41215 | Unspecified vulnerability in SAP Netweaver Application Server Abap. SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 4.7 |
2022-11-08 | CVE-2022-41258 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010. Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. | 6.5 |