Vulnerabilities > SAP

DATE | CVE | VULNERABILITY TITLE | RISK
2022-04-12 CVE-2022-27657 Unspecified vulnerability in SAP Focused RUN 1.0
A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
network
low complexity
sap
2.7
2022-04-12 CVE-2022-27667 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap
7.5
2022-04-12 CVE-2022-27669 Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted.
network
low complexity
sap
7.5
2022-04-12 CVE-2022-27670 Unspecified vulnerability in SAP SQL Anywhere 17.0
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.
network
low complexity
sap
6.5
2022-04-12 CVE-2022-27671 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability.
network
low complexity
sap
6.5
2022-04-12 CVE-2022-28213 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - versions 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary file retrieval from the server and in successful exploits of DoS.
network
low complexity
sap
8.1
2022-04-12 CVE-2022-28215 Unspecified vulnerability in SAP Netweaver Abap 740/750/787
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
4.7
2022-04-12 CVE-2022-28216 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network.
network
low complexity
sap CWE-79
6.1
2022-04-12 CVE-2022-28770 Unspecified vulnerability in SAP Sapui5 Library
Due to insufficient input validation, SAPUI5 library (vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code.
network
low complexity
sap
6.1
2022-04-12 CVE-2022-28772 Out-of-bounds Write vulnerability in SAP Netweaver and Web Dispatcher
Using overlong input values, an attacker may force an overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
network
low complexity
sap CWE-787
7.5