Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-08 | CVE-2022-41259 | Unspecified vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | 6.5 |
| 2022-11-08 | CVE-2022-41260 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. | 6.1 |
| 2022-10-11 | CVE-2022-35226 | Unspecified vulnerability in SAP Data Services 4.2/4.3 SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. | 6.1 |
| 2022-10-11 | CVE-2022-35296 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | 4.9 |
| 2022-10-11 | CVE-2022-35297 | Unspecified vulnerability in SAP Enable NOW 10 The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | 5.4 |
| 2022-10-11 | CVE-2022-35299 | Unspecified vulnerability in SAP IQ and SQL Anywhere SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | 9.8 |
| 2022-10-11 | CVE-2022-39013 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions an authenticated attacker can get access to OS credentials. | 7.6 |
| 2022-10-11 | CVE-2022-39015 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | 6.5 |
| 2022-10-11 | CVE-2022-39800 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. | 6.1 |
| 2022-10-11 | CVE-2022-39802 | Unspecified vulnerability in SAP Manufacturing Execution 15.1/15.2/15.3 SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. | 7.5 |