Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-35295 | Unspecified vulnerability in SAP Host Agent 7.22 In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | 4.9 |
| 2022-09-13 | CVE-2022-35298 | Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50 SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 6.1 |
| 2022-09-13 | CVE-2022-39014 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | 5.3 |
| 2022-09-13 | CVE-2022-39799 | Unspecified vulnerability in SAP Netweaver Application Server Abap An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. | 6.1 |
| 2022-09-13 | CVE-2022-39801 | Unspecified vulnerability in SAP Access Control 12 SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. | 7.5 |
| 2022-08-10 | CVE-2022-32245 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. | 8.2 |
| 2022-08-10 | CVE-2022-35290 | Unspecified vulnerability in SAP Authenticator Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | 7.5 |
| 2022-08-10 | CVE-2022-35293 | Unspecified vulnerability in SAP Enable NOW Manager 1.0 Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. | 9.1 |
| 2022-07-27 | CVE-2022-35291 | Unspecified vulnerability in SAP Successfactors Mobile 8.0.5 Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. | 8.1 |
| 2022-07-12 | CVE-2022-28771 | Unspecified vulnerability in SAP Business ONE License Service API 10.0 Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. | 7.5 |