Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-26103 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 5.3 |
| 2022-03-10 | CVE-2022-26104 | Missing Authorization vulnerability in SAP Financial Consolidation 10.1 SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. | 5.3 |
| 2022-03-10 | CVE-2022-24395 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-03-10 | CVE-2022-24396 | Unspecified vulnerability in SAP Simple Diagnostics Agent The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. | 7.8 |
| 2022-03-10 | CVE-2022-24397 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. | 6.1 |
| 2022-03-10 | CVE-2022-24398 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | 6.5 |
| 2022-03-10 | CVE-2022-24399 | Unspecified vulnerability in SAP Focused RUN 200/300 The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-03-10 | CVE-2022-22547 | Unspecified vulnerability in SAP Simple Diagnostics Agent Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. | 7.5 |
| 2022-02-09 | CVE-2022-22528 | Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. | 7.8 |
| 2022-02-09 | CVE-2022-22532 | Unspecified vulnerability in SAP Netweaver Application Server Java In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | 9.8 |