Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-12 | CVE-2022-28773 | Unspecified vulnerability in SAP Netweaver and web Dispatcher Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | 7.5 |
| 2022-03-28 | CVE-2022-27658 | Unspecified vulnerability in SAP Innovation Management 2.0 Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 7.5 |
| 2022-03-10 | CVE-2022-26100 | Improper Input Validation vulnerability in SAP Sapcar 7.22 SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. | 9.8 |
| 2022-03-10 | CVE-2022-26101 | Unspecified vulnerability in SAP Fiori Launchpad 754/755/756 Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-03-10 | CVE-2022-26102 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. | 5.4 |
| 2022-03-10 | CVE-2022-26103 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 5.3 |
| 2022-03-10 | CVE-2022-26104 | Missing Authorization vulnerability in SAP Financial Consolidation 10.1 SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. | 5.3 |
| 2022-03-10 | CVE-2022-24395 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-03-10 | CVE-2022-24396 | Unspecified vulnerability in SAP Simple Diagnostics Agent The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. | 7.8 |
| 2022-03-10 | CVE-2022-24397 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. | 6.1 |