Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-41200 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
| 2022-10-11 | CVE-2022-41201 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
| 2022-10-11 | CVE-2022-41202 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
| 2022-10-11 | CVE-2022-41204 | Unspecified vulnerability in SAP Commerce An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. | 8.8 |
| 2022-10-11 | CVE-2022-41206 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. | 5.4 |
| 2022-10-11 | CVE-2022-41209 | Unspecified vulnerability in SAP Customer Data Cloud 7.4 SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. low complexity sap | 5.2 |
| 2022-10-11 | CVE-2022-41210 | Unspecified vulnerability in SAP Customer Data Cloud 7.4 SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. low complexity sap | 5.2 |
| 2022-09-13 | CVE-2022-32244 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. low complexity sap | 5.2 |
| 2022-09-13 | CVE-2022-35292 | Unspecified vulnerability in SAP Business ONE 10.0 In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. | 7.8 |
| 2022-09-13 | CVE-2022-35294 | Unspecified vulnerability in SAP Netweaver Application Server Abap An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. | 5.4 |