Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-35295 Unspecified vulnerability in SAP Host Agent 7.22
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
network
low complexity
sap
4.9
2022-09-13 CVE-2022-35298 Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability.
network
low complexity
sap
6.1
2022-09-13 CVE-2022-39014 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
network
low complexity
sap
5.3
2022-09-13 CVE-2022-39799 Unspecified vulnerability in SAP Netweaver Application Server Abap
An attacker with no prior authentication could craft and send a malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in a reflected cross-site scripting attack.
network
low complexity
sap
6.1
2022-09-13 CVE-2022-39801 Unspecified vulnerability in SAP Access Control 12
SAP GRC Access Control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad.
network
high complexity
sap
7.5
2022-08-10 CVE-2022-32245 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information in plain text over the network.
network
low complexity
sap
8.2
2022-08-10 CVE-2022-35290 Unspecified vulnerability in SAP Authenticator
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2022-08-10 CVE-2022-35293 Unspecified vulnerability in SAP Enable NOW Manager 1.0
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to a user's account.
network
low complexity
sap
critical
9.1
2022-07-27 CVE-2022-35291 Unspecified vulnerability in SAP Successfactors Mobile 8.0.5
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network.
network
low complexity
sap
8.1
2022-07-12 CVE-2022-28771 Unspecified vulnerability in SAP Business ONE License Service API 10.0
Due to a missing authentication check, SAP Business One License service API - version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network.
network
low complexity
sap
7.5