Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-06-14 CVE-2022-31589 Unspecified vulnerability in SAP products
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
network
low complexity
sap
6.5
2022-06-14 CVE-2022-31590 Unspecified vulnerability in SAP Powerdesigner Proxy 16.7
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
local
low complexity
sap
7.8
2022-06-14 CVE-2022-31594 Unspecified vulnerability in SAP Adaptive Server Enterprise
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.
local
low complexity
sap
6.7
2022-06-14 CVE-2022-31595 Unspecified vulnerability in SAP Adaptive Server Enterprise
SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap
8.8
2022-06-14 CVE-2022-32235 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-06-14 CVE-2022-27668 Unspecified vulnerability in SAP products
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
network
low complexity
sap
critical
9.8
2022-06-14 CVE-2022-29612 Unspecified vulnerability in SAP Host Agent and Netweaver Abap
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information.
network
low complexity
sap
4.3
2022-06-13 CVE-2022-28217 Unspecified vulnerability in SAP Netweaver
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash.
network
low complexity
sap
6.5
2022-06-06 CVE-2020-6220 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
high complexity
sap CWE-79
4.7
2022-06-06 CVE-2022-29617 Unspecified vulnerability in SAP Contributor License Agreement Assistant
Due to improper error handling an authenticated user can crash CLA assistant instance.
network
low complexity
sap
6.5