Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-41209 | Inadequate Encryption Strength vulnerability in SAP Customer Data Cloud 7.4 SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. | 5.2 |
| 2022-10-11 | CVE-2022-41210 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in SAP Customer Data Cloud 7.4 SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. | 5.2 |
| 2022-09-13 | CVE-2022-32244 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. low complexity sap | 5.2 |
| 2022-09-13 | CVE-2022-35292 | Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0 In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. | 7.8 |
| 2022-09-13 | CVE-2022-35294 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. | 5.4 |
| 2022-09-13 | CVE-2022-35295 | Improper Handling of Exceptional Conditions vulnerability in SAP Host Agent 7.22 In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | 4.9 |
| 2022-09-13 | CVE-2022-35298 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.50 SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 6.1 |
| 2022-09-13 | CVE-2022-39014 | Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | 5.3 |
| 2022-09-13 | CVE-2022-39799 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. | 6.1 |
| 2022-09-13 | CVE-2022-39801 | Improper Authentication vulnerability in SAP Access Control 12 SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. | 7.5 |