Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-32245 | Cleartext Transmission of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. | 8.2 |
| 2022-08-10 | CVE-2022-35290 | Unspecified vulnerability in SAP Authenticator Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | 7.5 |
| 2022-08-10 | CVE-2022-35293 | Missing Authorization vulnerability in SAP Enable NOW Manager 1.0 Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. | 9.1 |
| 2022-07-27 | CVE-2022-35291 | Improper Privilege Management vulnerability in SAP Successfactors Mobile 8.0.5 Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. | 8.1 |
| 2022-07-12 | CVE-2022-28771 | Missing Authentication for Critical Function vulnerability in SAP Business ONE License Service API 10.0 Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. | 7.5 |
| 2022-07-12 | CVE-2022-29619 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | 6.5 |
| 2022-07-12 | CVE-2022-31591 | Unquoted Search Path or Element vulnerability in SAP Businessobjects BW Publisher Service 420/430 SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. | 7.8 |
| 2022-07-12 | CVE-2022-31592 | Missing Authorization vulnerability in SAP Enterprise Extension Defense Forces & Public Security The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | 4.3 |
| 2022-07-12 | CVE-2022-31593 | Injection vulnerability in SAP Business ONE 10.0 SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. | 8.8 |
| 2022-07-12 | CVE-2022-31597 | Missing Authorization vulnerability in SAP S/4Hana and Sapscore Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | 5.4 |