Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-28213 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.
network
low complexity
sap
8.1
2022-04-12 CVE-2022-28215 Unspecified vulnerability in SAP Netweaver Abap 740/750/787
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
4.7
2022-04-12 CVE-2022-28216 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network.
network
low complexity
sap CWE-79
6.1
2022-04-12 CVE-2022-28770 Unspecified vulnerability in SAP Sapui5 Library
Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code.
network
low complexity
sap
6.1
2022-04-12 CVE-2022-28772 Out-of-bounds Write vulnerability in SAP Netweaver and web Dispatcher
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
network
low complexity
sap CWE-787
7.5
2022-04-12 CVE-2022-28773 Unspecified vulnerability in SAP Netweaver and web Dispatcher
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.
network
low complexity
sap
7.5
2022-03-28 CVE-2022-27658 Unspecified vulnerability in SAP Innovation Management 2.0
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
network
low complexity
sap
7.5
2022-03-10 CVE-2022-26100 Improper Input Validation vulnerability in SAP Sapcar 7.22
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive.
network
low complexity
sap CWE-20
critical
9.8
2022-03-10 CVE-2022-26101 Unspecified vulnerability in SAP Fiori Launchpad 754/755/756
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-03-10 CVE-2022-26102 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction.
network
low complexity
sap CWE-862
5.4