Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-41200 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to a lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or the re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41201 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to a lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or the re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41202 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to a lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or the re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41204 Unspecified vulnerability in SAP Commerce
An attacker can change the content of the login page of SAP Commerce - versions 1905, 2005, 2105, 2011, 2205 - through a manipulated URL.
network
low complexity
sap
8.8
2022-10-11 CVE-2022-41206 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console.
network
low complexity
sap
5.4
2022-10-11 CVE-2022-41209 Unspecified vulnerability in SAP Customer Data Cloud 7.4
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an encryption method which lacks proper diffusion and does not hide the patterns well.
low complexity
sap
5.2
2022-10-11 CVE-2022-41210 Unspecified vulnerability in SAP Customer Data Cloud 7.4
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an insecure random number generator program, which makes it easy for the attacker to predict future random numbers.
low complexity
sap
5.2
2022-09-13 CVE-2022-32244 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions, an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve (non-personal) system data and modify system data, but can't make the system unavailable.
low complexity
sap
5.2
2022-09-13 CVE-2022-35292 Unspecified vulnerability in SAP Business ONE 10.0
In the SAP Business One application, when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path, which allows a user to gain SYSTEM privileges.
local
low complexity
sap
7.8
2022-09-13 CVE-2022-35294 Unspecified vulnerability in SAP Netweaver Application Server Abap
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack.
network
low complexity
sap
5.4